CN112585905A

Movatterモバイル変換

Info

Publication number: CN112585905A
Application number: CN201980053551.5A
Authority: CN
Inventors: 林孝盈; 摩罗·康帝; 安瑞塔·后姜; 索比尔·哈尔德
Original assignee: Huawei Technologies Co Ltd
Current assignee: Shenzhen Yinwang Intelligent Technology Co ltd
Priority date: 2019-11-12
Filing date: 2019-11-12
Publication date: 2021-03-30
Anticipated expiration: 2039-11-12
Also published as: WO2021092745A1; EP3883212B1; EP3883212A4; CN112585905B; EP3883212A1

Abstract

Translated fromChinese

一种设备升级方法及相关设备，具体可以应用于智能车辆以及无人驾驶车辆，保证车辆内部车载设备升级的安全性，其中的方法包括服务器根据待升级设备的属性集合生成针对所述待升级设备的访问策略；所述服务器根据所述访问策略对目标升级包进行加密，生成目标升级包密文；所述服务器将所述目标升级包密文发送至所述待升级设备，所述目标升级包密文用于所述待升级设备根据所述属性集合对应的一个或多个属性密钥进行解密，以获得所述目标升级包。可用于保障家用设备或车载设备的安全高效的升级。

An equipment upgrade method and related equipment, which can be specifically applied to smart vehicles and unmanned vehicles to ensure the safety of the upgrade of on-board equipment inside the vehicle, wherein the method includes a server generating according to an attribute set of the equipment to be upgraded. the access policy; the server encrypts the target upgrade package according to the access policy, and generates the target upgrade package ciphertext; the server sends the target upgrade package ciphertext to the device to be upgraded, and the target upgrade package The ciphertext is used for the device to be upgraded to decrypt according to one or more attribute keys corresponding to the attribute set to obtain the target upgrade package. It can be used to ensure the safe and efficient upgrade of home equipment or in-vehicle equipment.

Description

Translated fromChinese

技术领域technical field

本申请涉及设备升级技术领域，尤其涉及一种设备升级方法及相关设备。The present application relates to the technical field of equipment upgrading, and in particular, to a method for upgrading equipment and related equipment.

背景技术Background technique

远程在线升级通常指在设备(如电脑、手机等)在连接网络的情况下，从服务器下载升级文件以将操作系统、软件等更新至最新状态，无需大量的人工干预，则便可以自主完成设备升级，成本低、且升级效率高。Remote online upgrade usually refers to downloading upgrade files from the server to update the operating system, software, etc. to the latest state when the device (such as a computer, mobile phone, etc.) is connected to the network, without a lot of manual intervention, the device can be completed independently Upgrade, low cost and high upgrade efficiency.

以升级设备为车载设备为例，未来的每辆车都是车联网中的一个网络节点，与电脑，手机等联网设备没有本质的不同。据估计，北美60％到70％车辆招回是由于固件/软件的原因，因此升级车载设备的固件/软件是必不可少的环节。传统待升级车载单元的固件/软件是采用车辆招回的方式，这种办法的缺点是：成本高、周期长。Taking the upgraded equipment as an in-vehicle device as an example, every vehicle in the future will be a network node in the Internet of Vehicles, which is not fundamentally different from Internet-connected devices such as computers and mobile phones. It is estimated that 60% to 70% of vehicle recalls in North America are due to firmware/software reasons, so upgrading the firmware/software of in-vehicle equipment is an essential link. Traditionally, the firmware/software of the on-board unit to be upgraded adopts the method of vehicle recall. The disadvantages of this method are: high cost and long cycle.

因此，未来车载设备的升级应采用更灵活的远程在线升级方式，如空中下载技术(Over-The-Air，OTA)，就像现在的电脑和手机升级一样通过网络来远程升级。对车载设备进行远程固件/软件升级可带来很多好处。例如，便于关键的固件/软件bugs得以快速修复、增加车辆安全性、便于车辆在整个生命周期内及时添加新功能或特色等。因此采用OTA方式不需要车辆招回就可进行固件/软件升级，可为车辆生产商或销售商节省大量成本，同时也为车主带来便利。Therefore, in the future, the upgrade of in-vehicle equipment should adopt a more flexible remote online upgrade method, such as Over-The-Air (OTA) technology. Just like the current computer and mobile phone upgrade, the remote upgrade can be done through the network. Remote firmware/software upgrades for in-vehicle devices offer many benefits. For example, enabling critical firmware/software bugs to be quickly fixed, increasing vehicle safety, and facilitating timely addition of new functions or features throughout the vehicle's lifecycle. Therefore, the OTA method can be used for firmware/software upgrade without vehicle recall, which can save a lot of costs for vehicle manufacturers or sellers, and also bring convenience to vehicle owners.

然而，在车载设备的远程升级过程中，可能存在一些安全隐患。例如，升级文件来源不可靠，升级文件版本、内容不匹配，或者车载设备自身不满足升级条件等，这些都有可能导致车载设备升级的失败或异常，最终导致用户的驾驶安全受到威胁。因此，如何保证包括车载设备等在内的相关设备安全高效的进行固件/软件升级成为亟待解决的问题。However, there may be some security risks in the process of remote upgrade of in-vehicle equipment. For example, the source of the upgrade file is unreliable, the version and content of the upgrade file do not match, or the in-vehicle device itself does not meet the upgrade conditions, etc., which may lead to the failure or abnormality of the upgrade of the in-vehicle device, and ultimately cause the user's driving safety to be threatened. Therefore, how to ensure the safe and efficient firmware/software upgrade of related equipment including on-board equipment has become an urgent problem to be solved.

发明内容SUMMARY OF THE INVENTION

本发明实施例所要解决的技术问题在于，提供一种设备升级方法及相关设备，解决了升级设备无法安全高效的进行固件/软件升级的问题。The technical problem to be solved by the embodiments of the present invention is to provide a device upgrade method and related devices, which solve the problem that the upgrade device cannot perform firmware/software upgrade safely and efficiently.

第一方面，本发明实施例提供了一种设备升级方法，可包括：In a first aspect, an embodiment of the present invention provides a device upgrade method, which may include:

服务器根据待升级设备的属性集合生成针对所述待升级设备的访问策略；所述服务器根据所述访问策略对目标升级包进行加密，生成目标升级包密文；所述服务器将所述目标升级包密文发送至所述待升级设备，所述目标升级包密文用于所述待升级设备根据所述属性集合对应的一个或多个属性密钥进行解密，以获得所述目标升级包。The server generates an access policy for the device to be upgraded according to the attribute set of the device to be upgraded; the server encrypts the target upgrade package according to the access policy, and generates the ciphertext of the target upgrade package; the server generates the target upgrade package ciphertext; The ciphertext is sent to the device to be upgraded, and the ciphertext of the target upgrade package is used by the device to be upgraded to decrypt according to one or more attribute keys corresponding to the attribute set to obtain the target upgrade package.

本发明实施例中，上述方法为基于属性加密算法来根据访问策略对目标升级包进行加密。而将密文策略属性加密算法(CP-ABE)具体应用到设备升级场景中，服务器可根据待升级设备的属性集合，生成对应的访问策略，并根据该访问策略对待升级设备的升级包进行加密，最终生成只有满足访问策略中所设置的前提条件(即拥有匹配的属性信息所对应的属性密钥)的设备才可以正确解密获得升级包，实现了升级条件的强制检测以及升级包细粒度的访问控制，即非法设备或者不满足升级条件的设备由于没有匹配的属性信息对应的属性密钥，则无法获得或解密该升级包，保证了设备升级过程的安全性以及准确性。可选的，可以通过在待升级设备的升级请求中携带该待升级设备的属性集合(包含该设备的一个或多个属性信息)的方式，使得服务器获知该待升级设备的属性集合，也可以通过服务器预存储的待升级设备的属性集合或者通过其他途径获得的待升级设备的属性集合进行访问策略的生成。In the embodiment of the present invention, the above method is to encrypt the target upgrade package according to the access policy based on the attribute encryption algorithm. The ciphertext policy attribute encryption algorithm (CP-ABE) is specifically applied to the device upgrade scenario. The server can generate a corresponding access policy according to the attribute set of the device to be upgraded, and encrypt the upgrade package of the device to be upgraded according to the access policy. Finally, only devices that meet the preconditions set in the access policy (that is, possess the attribute key corresponding to the matching attribute information) can correctly decrypt and obtain the upgrade package, which realizes the mandatory detection of upgrade conditions and the fine-grained upgrade package. Access control means that illegal devices or devices that do not meet the upgrade conditions cannot obtain or decrypt the upgrade package because they do not have the attribute key corresponding to the matching attribute information, which ensures the security and accuracy of the device upgrade process. Optionally, the attribute set of the device to be upgraded (including one or more attribute information of the device) can be carried in the upgrade request of the device to be upgraded, so that the server can know the attribute set of the device to be upgraded. The generation of the access policy is performed through the attribute set of the device to be upgraded pre-stored by the server or the attribute set of the device to be upgraded obtained through other means.

在一种可能的实现方式中，所述方法还包括：所述服务器获取所述待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合。本发明实施例通过在待升级设备的升级请求中携带待升级设备的属性集合的方式，从而使得服务器可以根据升级请求中的属性集合生成该待升级设备的访问策略。In a possible implementation manner, the method further includes: acquiring, by the server, an upgrade request of the device to be upgraded, where the upgrade request includes an attribute set of the device to be upgraded. In the embodiment of the present invention, the attribute set of the device to be upgraded is carried in the upgrade request of the device to be upgraded, so that the server can generate the access policy of the device to be upgraded according to the attribute set in the upgrade request.

在一种可能的实现方式中，所述服务器获取所述待升级设备的升级请求，包括：所述服务器接收所述待升级设备发送的所述升级请求，所述属性集合包括所述待升级设备的一个或多个属性信息。In a possible implementation manner, acquiring, by the server, the upgrade request of the device to be upgraded includes: receiving, by the server, the upgrade request sent by the device to be upgraded, and the attribute set includes the device to be upgraded one or more attribute information.

本发明实施例中，通过待升级设备自身向服务器发送升级请求，且该升级请求中携带了该待升级设备的一个或者多个属性信息。例如，待升级车辆向服务器发送携带有自身的车辆身份码、引擎号、车牌号码、车型流水号、车辆部件的硬件版本号和车辆部件的软件版本号等属性信息的升级请求。In the embodiment of the present invention, an upgrade request is sent to the server through the device to be upgraded itself, and the upgrade request carries one or more attribute information of the device to be upgraded. For example, the vehicle to be upgraded sends an upgrade request to the server that carries attribute information such as its own vehicle identity code, engine number, license plate number, model serial number, hardware version number of vehicle components, and software version number of vehicle components.

在一种可能的实现方式中，所述升级请求还包括所述待升级设备的身份信息；所述方法还包括：所述服务器对所述待升级设备的身份信息进行验证；若验证通过，所述服务器根据所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件。In a possible implementation manner, the upgrade request further includes the identity information of the device to be upgraded; the method further includes: the server verifies the identity information of the device to be upgraded; if the verification is passed, the The server determines, according to one or more attribute information of the device to be upgraded, one or more upgrade files that need to be upgraded for the device to be upgraded, and the target upgrade package includes the one or more upgrade files.

本发明实施例中，服务器在获取待升级设备的升级请求后，先对该升级请求做身份验证，若身份验证通过后，则表明该请求者合法，因此根据升级请求中的待升级设备的属性信息确定对应的目标升级包。由于升级包是服务器根据该待升级设备的属性信息确定的，因此可以确保待升级设备可以下载其所精确需要以及符合条件的升级包，避免升级包不符合待升级设备的属性要求，并且，也可以避免不符合该属性信息的待升级设备非法获得升级包，进一步保证了设备升级过程的安全性以及准确性。In the embodiment of the present invention, after acquiring the upgrade request of the device to be upgraded, the server first performs identity verification on the upgrade request. If the identity verification is passed, it indicates that the requester is legal. Therefore, according to the attributes of the device to be upgraded in the upgrade request information to determine the corresponding target upgrade package. Since the upgrade package is determined by the server according to the attribute information of the device to be upgraded, it can ensure that the device to be upgraded can download the upgrade package that it needs exactly and meets the conditions, avoids that the upgrade package does not meet the attribute requirements of the device to be upgraded, and also The device to be upgraded that does not conform to the attribute information can be prevented from illegally obtaining the upgrade package, thereby further ensuring the safety and accuracy of the device upgrade process.

在一种可能的实现方式中，所述属性集合包括所述待升级设备的一个或多个属性信息；所述服务器根据待升级设备的属性集合生成针对所述待升级设备的访问策略，包括：所述服务器根据所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件；所述服务器确定所述一个或多个升级文件对应的升级条件，并基于所述升级条件生成所述访问策略。In a possible implementation manner, the attribute set includes one or more attribute information of the device to be upgraded; the server generates an access policy for the device to be upgraded according to the attribute set of the device to be upgraded, including: The server determines, according to one or more attribute information of the device to be upgraded, one or more upgrade files that need to be upgraded for the device to be upgraded, and the target upgrade package includes the one or more upgrade files; the The server determines an upgrade condition corresponding to the one or more upgrade files, and generates the access policy based on the upgrade condition.

本发明实施例中，服务器根据待升级设备的一个或者多个属性信息确定一个或多个升级文件，并依据该一个或多个升级文件的升级条件组合后转换为所述访问策略，也即是服务器根据待升级设备的相关属性信息生成针对该待升级设备的升级条件，以限制目标升级包的访问权限。In this embodiment of the present invention, the server determines one or more upgrade files according to one or more attribute information of the device to be upgraded, and converts it into the access policy according to the combination of the upgrade conditions of the one or more upgrade files, that is, The server generates an upgrade condition for the device to be upgraded according to the relevant attribute information of the device to be upgraded, so as to limit the access rights of the target upgrade package.

在一种可能的实现方式中，所述服务器获取待升级设备的升级请求，包括：所述服务器接收终端设备发送的所述待升级设备的升级请求，所述属性集合包括所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。In a possible implementation manner, the obtaining, by the server, the upgrade request of the device to be upgraded includes: the server receiving, by the server, the upgrade request of the device to be upgraded sent by the terminal device, and the attribute set includes one of the terminal devices. or more attribute information and one or more attribute information of the device to be upgraded.

本发明实施例中，通过与待升级设备绑定的终端设备向服务器发送升级请求，此时该升级请求中携带了该终端设备的一个或多个属性信息以及该待升级设备自身的一个或者多个属性信息。例如，与待升级车辆绑定的智能手机向服务器发送携带有自身的手机号、手机识别码和手机的软件版本信息，以及携带有待升级车辆的车辆身份码、引擎号、车牌号码、车型流水号、车辆部件的硬件版本号和车辆部件的软件版本号等属性信息的升级请求。In this embodiment of the present invention, an upgrade request is sent to the server through a terminal device bound to the device to be upgraded. At this time, the upgrade request carries one or more attribute information of the terminal device and one or more attributes of the device to be upgraded itself. attribute information. For example, the smartphone bound to the vehicle to be upgraded sends the server with its own mobile phone number, mobile phone identification code and software version information of the mobile phone, as well as the vehicle identification code, engine number, license plate number, and model serial number of the vehicle to be upgraded. , an upgrade request for attribute information such as the hardware version number of the vehicle component and the software version number of the vehicle component.

在一种可能的实现方式中，所述升级请求还包括所述终端设备的身份信息和所述待升级设备的身份信息；所述方法还包括：所述服务器对所述终端设备的身份信息和所述终端设备待升级设备的身份信息分别进行验证；若均验证通过，所述服务器根据所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件。In a possible implementation manner, the upgrade request further includes the identity information of the terminal device and the identity information of the device to be upgraded; the method further includes: the server has the identity information of the terminal device and the identity information and The identity information of the device to be upgraded of the terminal device is verified respectively; if all verifications are passed, the server determines, according to one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded, One or more upgrade files that the device to be upgraded needs to be upgraded, and the target upgrade package includes the one or more upgrade files.

本发明实施例中，服务器在获取待升级设备的升级请求后，先对该升级请求做身份验证，若身份验证通过后，则表明该请求者合法，因此根据升级请求中的终端设备以及待升级设备的属性信息共同确定对应的目标升级包。由于升级包是服务器根据终端设备和待升级设备的属性信息共同确定的，因此可以确保与对应的终端设备绑定的符合属性信息要求的待升级设备可以下载其所精确需要以及符合条件的升级包，避免升级包不符合终端设备以及待升级设备的属性要求，并且，也可以避免不符合该属性信息的待升级设备非法获得升级包，进一步保证了设备升级过程的安全性以及准确性。In the embodiment of the present invention, after acquiring the upgrade request of the device to be upgraded, the server first performs identity verification on the upgrade request. If the identity verification is passed, it indicates that the requester is legal. Therefore, according to the terminal device in the upgrade request and the terminal device to be upgraded The attribute information of the device jointly determines the corresponding target upgrade package. Since the upgrade package is jointly determined by the server according to the attribute information of the terminal device and the device to be upgraded, it can be ensured that the device to be upgraded that meets the requirements of the attribute information bound to the corresponding terminal device can download the upgrade package that it needs exactly and meets the conditions. , to prevent the upgrade package from not meeting the attribute requirements of the terminal device and the device to be upgraded, and also to prevent the device to be upgraded that does not meet the attribute information from illegally obtaining the upgrade package, further ensuring the safety and accuracy of the device upgrade process.

在一种可能的实现方式中，所述服务器根据待升级设备的属性集合生成针对所述待升级设备的访问策略，包括：所述服务器根据所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件；所述服务器确定所述一个或多个升级文件对应的升级条件，并基于所述升级条件生成所述访问策略。In a possible implementation manner, the server generates an access policy for the device to be upgraded according to the attribute set of the device to be upgraded, including: the server generates an access policy for the device to be upgraded according to one or more attribute information of the terminal device and the One or more attribute information of the device to be upgraded, determine one or more upgrade files that need to be upgraded for the device to be upgraded, and the target upgrade package includes the one or more upgrade files; the server determines the one or more upgrade files. upgrade conditions corresponding to multiple upgrade files, and generate the access policy based on the upgrade conditions.

本发明实施例中，由于引入终端设备协助待升级设备进行升级，因此，服务器根据终端设备和待升级设备的多个属性信息确定一个或多个升级文件，并依据该一个或多个升级文件的升级条件组合后转换为所述访问策略，也即是服务器根据终端设备和待升级设备的相关属性信息生成针对该待升级设备的升级条件，以限制目标升级包的访问权限。In this embodiment of the present invention, since a terminal device is introduced to assist the device to be upgraded in upgrading, the server determines one or more upgrade files according to multiple attribute information of the terminal device and the device to be upgraded, and determines one or more upgrade files according to the attribute information of the one or more upgrade files. After the upgrade condition is combined, it is converted into the access policy, that is, the server generates the upgrade condition for the to-be-upgraded device according to the related attribute information of the terminal device and the to-be-upgraded device, so as to limit the access rights of the target upgrade package.

在一种可能的实现方式中，所述升级请求经过所述公钥的加密；所述方法还包括：所述服务器根据所述公钥对应的私钥对所述升级请求进行解密。In a possible implementation manner, the upgrade request is encrypted by the public key; the method further includes: the server decrypts the upgrade request according to the private key corresponding to the public key.

本发明实施例中，待升级设备的升级请求本身还可以经过公钥的加密，从而使得服务器可以根据所述公钥对应的私钥对所述升级请求进行解密，保证升级请求发送的安全性。In the embodiment of the present invention, the upgrade request itself of the device to be upgraded can also be encrypted by the public key, so that the server can decrypt the upgrade request according to the private key corresponding to the public key, so as to ensure the security of sending the upgrade request.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述方法还包括：所述服务器生成公钥和主密钥，所述主密钥为所述公钥对应的私钥；所述服务器根据所述主密钥以及所述一个或多个属性信息，生成所述属性集合对应的一个或多个属性密钥；所述服务器将所述一个或多个属性密钥发送至所述待升级设备进行预存储；其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。可选的，所述方法还包括：所述服务器在将一个或多个属性密钥发送至待升级设备上进行预存储时，还将所述公钥发送至所述待升级设备上，以用于所述待升级设备进行升级请求的加密。In a possible implementation manner, the attribute set includes one or more attribute information; the method further includes: generating, by the server, a public key and a master key, where the master key corresponds to the public key private key; the server generates one or more attribute keys corresponding to the attribute set according to the master key and the one or more attribute information; the server generates the one or more attribute keys Sent to the device to be upgraded for pre-storage; wherein, the one or more attribute keys are used by the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package. Optionally, the method further includes: when the server sends one or more attribute keys to the device to be upgraded for pre-storage, also sends the public key to the device to be upgraded to use The upgrade request is encrypted on the device to be upgraded.

本发明实施例中，服务器在初始阶段需要生成针对该待升级设备后续安全升级过程中所要使用到的公钥、主密钥(与所述公钥对应的私钥)以及对应的属性密钥，并且将属性密钥发送给拥有对应属性信息的待升级设备，以保证后续的基于密文策略属性加密算法的设备安全升级过程。可选的，还将公钥发送至待升级设备用于待升级设备对升级请求进行加密。In the embodiment of the present invention, the server needs to generate the public key, the master key (the private key corresponding to the public key) and the corresponding attribute key to be used in the subsequent security upgrade process for the device to be upgraded in the initial stage, And the attribute key is sent to the device to be upgraded that has the corresponding attribute information, so as to ensure the subsequent security upgrade process of the device based on the ciphertext policy attribute encryption algorithm. Optionally, the public key is also sent to the device to be upgraded, for the device to be upgraded to encrypt the upgrade request.

在一种可能的实现方式中，所述方法还包括：所述服务器生成公钥和主密钥，所述主密钥为所述公钥对应的私钥；所述服务器将所述主密钥发送至所述待升级设备上进行预存储，所述主密钥用于所述待升级设备生成所述属性集合对应的一个或多个属性密钥，其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。In a possible implementation manner, the method further includes: the server generates a public key and a master key, where the master key is a private key corresponding to the public key; the server generates the master key sent to the device to be upgraded for pre-storage, and the master key is used by the device to be upgraded to generate one or more attribute keys corresponding to the attribute set, wherein the one or more attribute keys for the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package.

本方法实施例中，服务器将主密钥发送给待升级设备(可选的，还将公钥与该主密钥一起发送)，用于所述待升级设备在待升级设备的本地，根据满足访问策略中升级条件的属性信息生成对应的属性密钥，进而获得对应的目标升级包。可适用于待升级设备的属性信息变化大的情形，例如，智能车辆为共享车辆，其对应的用户信息或者账户信息等经常变动，导致经常需要不同的属性密钥才能为不同的用户提供设备升级服务等。In this embodiment of the method, the server sends the master key to the device to be upgraded (optionally, the public key is also sent together with the master key), so that the device to be upgraded is local to the device to be upgraded. The attribute information of the upgrade condition in the access policy generates the corresponding attribute key, and then obtains the corresponding target upgrade package. It can be applied to the situation where the attribute information of the device to be upgraded changes greatly. For example, the intelligent vehicle is a shared vehicle, and its corresponding user information or account information changes frequently, which often requires different attribute keys to provide device upgrades for different users. service etc.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述目标升级包包括所述属性集合中至少一个属性信息对应的更新后的属性密钥。In a possible implementation manner, the attribute set includes one or more attribute information; the target upgrade package includes an updated attribute key corresponding to at least one attribute information in the attribute set.

本发明实施例中，由于属性密钥可能会存在更新或变更的情况，因此，服务器还可以通过在升级包中携带最新的属性密钥，使得满足属性信息条件的车辆可以根据最新的属性进行升级包的解密，避免需要通过其他额外流程将更新后的属性密钥的发送给待升级设备。In the embodiment of the present invention, since the attribute key may be updated or changed, the server can also carry the latest attribute key in the upgrade package, so that the vehicle that meets the attribute information condition can be upgraded according to the latest attribute Decryption of the package, avoiding the need to send the updated attribute key to the device to be upgraded through other additional processes.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；其中，至少一个所述属性信息相同的不同待升级设备对应相同的所述公钥和对应的主密钥。In a possible implementation manner, the attribute set includes one or more attribute information; wherein, at least one different device to be upgraded with the same attribute information corresponds to the same public key and corresponding master key.

本发明实施例中，服务器针对具有相同的某一种或者某几种属性信息的不同待升级设备，使用相同的公钥以及对应的主密钥，可以降低服务器上的存储量以及计算量，提升升级效率。例如具有相同型号的车辆，可以采用相同的公钥和主密钥。In this embodiment of the present invention, the server uses the same public key and corresponding master key for different devices to be upgraded that have the same attribute information of one or several types, which can reduce the amount of storage and calculation on the server, and improve the Upgrade efficiency. For example, vehicles with the same model can use the same public key and master key.

在一种可能的实现方式中，所述服务器根据所述属性集合生成针对所述待升级设备的访问策略，包括：所述服务器根据所述属性集合确定所述目标升级包；所述服务器确定所述目标升级包对应的升级条件，并将所述升级条件组合后转换为所述访问策略。In a possible implementation manner, generating, by the server, an access policy for the device to be upgraded according to the attribute set includes: determining, by the server, the target upgrade package according to the attribute set; determining, by the server, the target upgrade package. The upgrade conditions corresponding to the target upgrade package are combined, and the upgrade conditions are combined and converted into the access policy.

本发明实施例中，服务器根据升级请求中的属性集合确定与该待升级设备匹配的目标升级包，并针对该目标升级包定义升级的前提条件，再将升级的前提条件经过组合转换后确定为访问策略，从而使得后续可以根据该访问策略对目标升级包进行加密，以实现对待升级设备的升级条件(例如身份、状态等)的强制力检测。In this embodiment of the present invention, the server determines a target upgrade package matching the device to be upgraded according to the attribute set in the upgrade request, defines the upgrade prerequisites for the target upgrade package, and then determines the upgrade prerequisites as access policy, so that the target upgrade package can be encrypted subsequently according to the access policy, so as to realize the mandatory force detection of upgrade conditions (eg identity, status, etc.) of the device to be upgraded.

在一种可能的实现方式中，所述待升级设备为智能车辆；所述属性集合包括车辆身份码、引擎号、车牌号码、车型流水号、车辆部件的硬件版本号和车辆部件的软件版本号中的一种或者多种属性信息。In a possible implementation manner, the device to be upgraded is a smart vehicle; the attribute set includes vehicle identification code, engine number, license plate number, model serial number, hardware version number of vehicle components and software version number of vehicle components One or more attribute information in .

本发明实施例中，将上述任意一种设备升级方法应用在车载设备升级场景中，可以保证车辆升级的安全性以及准确性。In the embodiment of the present invention, any one of the above-mentioned device upgrade methods is applied in the vehicle device upgrade scenario, which can ensure the safety and accuracy of the vehicle upgrade.

在一种可能的实现方式中，所述终端设备为智能手机；所述属性集合包括手机号、手机识别码和手机的软件版本信息中的一种或者多种属性信息。In a possible implementation manner, the terminal device is a smart phone; the attribute set includes one or more attribute information among a mobile phone number, a mobile phone identification code, and software version information of the mobile phone.

本发明实施例中，通过采用智能手机搭配待升级设备进行升级，提供一种适用于一些特殊场景中的升级系统架构。例如，某个用户可以通过自己的智能手机对与该手绑定的车辆进行安全升级，安全便捷。In the embodiment of the present invention, an upgrade system architecture suitable for some special scenarios is provided by using a smart phone with a device to be upgraded for upgrade. For example, a user can safely upgrade the vehicle bound to the hand through his smartphone, which is safe and convenient.

第二方面，本发明实施例提供了一种设备升级方法，可包括：In a second aspect, an embodiment of the present invention provides a device upgrade method, which may include:

待升级设备接收服务器发送的目标升级包密文，所述目标升级包密文为所述服务器根据访问策略对目标升级包进行加密生成的，所述访问策略为所述服务器根据所述待升级设备的属性集合生成的；所述待升级设备获取所述属性集合对应的一个或多个属性密钥；所述待升级设备根据所述一个或多个属性密钥对所述目标升级包密文进行解密，获得目标升级包。The device to be upgraded receives the ciphertext of the target upgrade package sent by the server, where the ciphertext of the target upgrade package is generated by the server after encrypting the target upgrade package according to an access policy, and the access policy is that the server encrypts the target upgrade package according to the device to be upgraded. generated by the attribute set; the device to be upgraded obtains one or more attribute keys corresponding to the attribute set; the device to be upgraded performs the ciphertext of the target upgrade package according to the one or more attribute keys. Decrypt to obtain the target upgrade package.

本发明实施例中，上述方法为基于属性加密算法来根据访问策略对目标升级包进行加密。而将密文策略属性加密算法(CP-ABE)具体应用到设备升级场景中，服务器可根据待升级设备的属性集合，生成对应的访问策略，并根据该访问策略对待升级设备的升级包进行加密，最终生成只有满足访问策略中所设置的前提条件(即拥有匹配的属性信息所对应的属性密钥)的设备才可以正确解密获得升级包，实现了升级条件的强制检测以及升级包细粒度的访问控制，即非法设备或者不满足升级条件的设备由于没有匹配的属性信息对应的属性密钥，则无法获得或解密该升级包，保证了设备升级过程的安全性以及准确性。在一种可能的实现方式中，所述方法还包括：所述待升级设备向所述服务器发送升级请求，所述升级请求包括所述待升级设备的属性集合。In the embodiment of the present invention, the above method is to encrypt the target upgrade package according to the access policy based on the attribute encryption algorithm. The ciphertext policy attribute encryption algorithm (CP-ABE) is specifically applied to the device upgrade scenario. The server can generate a corresponding access policy according to the attribute set of the device to be upgraded, and encrypt the upgrade package of the device to be upgraded according to the access policy. Finally, only devices that meet the preconditions set in the access policy (that is, possess the attribute key corresponding to the matching attribute information) can correctly decrypt and obtain the upgrade package, which realizes the mandatory detection of upgrade conditions and the fine-grained upgrade package. Access control means that illegal devices or devices that do not meet the upgrade conditions cannot obtain or decrypt the upgrade package because they do not have the attribute key corresponding to the matching attribute information, which ensures the security and accuracy of the device upgrade process. In a possible implementation manner, the method further includes: the device to be upgraded sends an upgrade request to the server, where the upgrade request includes an attribute set of the device to be upgraded.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述待升级设备获取所述属性集合对应的一个或多个属性密钥，包括：所述待升级设备接收所述服务器发送的一个或多个属性密钥，并进行预存储；所述属性密钥为所述服务器生成公钥和主密钥后，根据所述主密钥以及所述一个或多个属性信息，生成的一个或多个属性密钥；所述主密钥为所述公钥对应的私钥。In a possible implementation manner, the attribute set includes one or more attribute information; the device to be upgraded obtains one or more attribute keys corresponding to the attribute set, including: the device to be upgraded receives the One or more attribute keys sent by the server, and pre-stored; after the attribute key generates a public key and a master key for the server, according to the master key and the one or more attribute information , one or more attribute keys are generated; the master key is the private key corresponding to the public key.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述待升级设备获取所述属性集合对应的一个或多个属性密钥，包括：所述待升级设备接收所述服务器发送的主密钥并进行预存储，所述主密钥为所述服务器生成的；所述待升级设备根据所述主密钥以及所述一个或多个属性信息，生成一个或多个属性密钥。In a possible implementation manner, the attribute set includes one or more attribute information; the device to be upgraded obtains one or more attribute keys corresponding to the attribute set, including: the device to be upgraded receives the The master key sent by the server is pre-stored, and the master key is generated by the server; the device to be upgraded generates one or more attributes according to the master key and the one or more attribute information. property key.

在一种可能的实现方式中，所述升级请求还包括所述待升级设备的身份信息；其中，所述身份信息用于所述服务器进行验证，若验证通过则根据所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件。In a possible implementation manner, the upgrade request further includes the identity information of the device to be upgraded; wherein, the identity information is used for the server to perform verification, and if the verification is passed, an or multiple pieces of attribute information to determine one or more upgrade files that need to be upgraded for the device to be upgraded, and the target upgrade package includes the one or more upgrade files.

在一种可能的实现方式中，所述升级请求经过所述公钥的加密；其中，加密后的所述升级请求用于所述服务器根据所述公钥对应的私钥对所述升级请求进行解密。In a possible implementation manner, the upgrade request is encrypted by the public key; wherein, the encrypted upgrade request is used by the server to perform the upgrade request on the upgrade request according to the private key corresponding to the public key. decrypt.

第三方面，本发明实施例提供了一种设备升级方法，可包括：In a third aspect, an embodiment of the present invention provides a device upgrade method, which may include:

终端设备向服务器发送待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合，所述属性集合包括所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息；所述待升级设备接收所述服务器发送的目标升级包密文，所述目标升级包密文为所述服务器基于属性加密算法，根据访问策略对目标升级包进行加密生成的，所述访问策略为所述服务器根据所述属性集合生成的；The terminal device sends an upgrade request of the device to be upgraded to the server, the upgrade request includes an attribute set of the device to be upgraded, and the attribute set includes one or more attribute information of the terminal device and one of the device to be upgraded. or multiple attribute information; the device to be upgraded receives the target upgrade package ciphertext sent by the server, and the target upgrade package ciphertext is generated by the server encrypting the target upgrade package based on an attribute encryption algorithm and according to an access policy , the access policy is generated by the server according to the attribute set;

所述待升级设备根据所述属性集合对应的一个或多个属性密钥对所述目标升级包密文进行解密，获得目标升级包。The device to be upgraded decrypts the ciphertext of the target upgrade package according to one or more attribute keys corresponding to the attribute set to obtain the target upgrade package.

在一种可能的实现方式中，所述升级请求还包括所述终端设备的身份信息和所述待升级设备的身份信息；其中，所述终端设备的身份信息和所述待升级设备的身份信息用于所述服务器分别进行验证；若均验证通过则根据所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件。In a possible implementation manner, the upgrade request further includes the identity information of the terminal device and the identity information of the device to be upgraded; wherein, the identity information of the terminal device and the identity information of the device to be upgraded It is used for the server to verify respectively; if all verifications pass, then according to one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded, determine one or more attributes of the device to be upgraded that need to be upgraded or more upgrade files, and the target upgrade package includes the one or more upgrade files.

在一种可能的实现方式中，所述方法还包括：所述终端设备获取所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。In a possible implementation manner, the method further includes: acquiring, by the terminal device, one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded.

在一种可能的实现方式中，所述方法还包括：所述待升级设备获取所述终端设备的一个或多个属性信息对应的属性密钥，以及所述待升级设备的一个或多个属性信息对应属性密钥。In a possible implementation manner, the method further includes: acquiring, by the device to be upgraded, an attribute key corresponding to one or more attribute information of the terminal device, and one or more attributes of the device to be upgraded The information corresponds to the attribute key.

第四方面，本发明实施例提供了一种设备升级装置，可应用于服务器，所述装置可包括：In a fourth aspect, an embodiment of the present invention provides an apparatus for upgrading equipment, which can be applied to a server, and the apparatus may include:

策略生成单元，用于根据待升级设备的属性集合生成针对所述待升级设备的访问策略；a policy generating unit, configured to generate an access policy for the device to be upgraded according to the attribute set of the device to be upgraded;

加密单元，用于根据所述访问策略对目标升级包进行加密，生成目标升级包密文；an encryption unit, configured to encrypt the target upgrade package according to the access policy, and generate the target upgrade package ciphertext;

第一发送单元，用于将所述目标升级包密文发送至所述待升级设备，所述目标升级包密文用于所述待升级设备根据所述属性集合对应的一个或多个属性密钥进行解密，以获得所述目标升级包。A first sending unit, configured to send the ciphertext of the target upgrade package to the device to be upgraded, where the ciphertext of the target upgrade package is used for the device to be upgraded according to one or more attribute encryptions corresponding to the attribute set. key to decrypt to obtain the target upgrade package.

在一种可能的实现方式中，所述装置还包括：In a possible implementation, the apparatus further includes:

获取单元，用于获取所述待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合。an obtaining unit, configured to obtain an upgrade request of the device to be upgraded, where the upgrade request includes an attribute set of the device to be upgraded.

在一种可能的实现方式中，所述获取单元，具体用于：In a possible implementation manner, the obtaining unit is specifically used for:

接收所述待升级设备发送的所述升级请求，所述属性集合包括所述待升级设备的一个或多个属性信息。After receiving the upgrade request sent by the device to be upgraded, the attribute set includes one or more attribute information of the device to be upgraded.

在一种可能的实现方式中，所述属性集合包括所述待升级设备的一个或多个属性信息；所述策略生成单元，具体用于：In a possible implementation manner, the attribute set includes one or more attribute information of the device to be upgraded; the policy generation unit is specifically configured to:

根据所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件；Determine, according to one or more attribute information of the device to be upgraded, one or more upgrade files to be upgraded by the device to be upgraded, and the target upgrade package includes the one or more upgrade files;

确定所述一个或多个升级文件对应的升级条件，并基于所述升级条件生成所述访问策略。An upgrade condition corresponding to the one or more upgrade files is determined, and the access policy is generated based on the upgrade condition.

接收终端设备发送的所述待升级设备的升级请求，所述属性集合包括所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。An upgrade request of the device to be upgraded sent by a terminal device is received, and the attribute set includes one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded.

在一种可能的实现方式中，所述生成单元，具体用于：In a possible implementation manner, the generating unit is specifically used for:

根据所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息，确定所述待升级设备需要升级的一个或多个升级文件，所述目标升级包包括所述一个或多个升级文件；According to one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded, one or more upgrade files that need to be upgraded for the device to be upgraded are determined, and the target upgrade package includes the one or more upgrade files;

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述装置还包括：In a possible implementation manner, the attribute set includes one or more attribute information; the apparatus further includes:

第一密钥生成单元，用于生成公钥和主密钥，所述主密钥为所述公钥对应的私钥；a first key generation unit, configured to generate a public key and a master key, where the master key is a private key corresponding to the public key;

第二密钥生成单元，根据所述主密钥以及所述一个或多个属性信息，生成所述属性集合对应的一个或多个属性密钥；a second key generation unit, generating one or more attribute keys corresponding to the attribute set according to the master key and the one or more attribute information;

第二发送单元，用于将所述一个或多个属性密钥发送至所述待升级设备进行预存储；其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。a second sending unit, configured to send the one or more attribute keys to the device to be upgraded for pre-storage; wherein, the one or more attribute keys are used by the device to be upgraded to perform a The upgrade package ciphertext is decrypted to obtain the target upgrade package.

第三密钥生成单元，用于生成公钥和主密钥，所述主密钥为所述公钥对应的私钥；a third key generation unit, configured to generate a public key and a master key, where the master key is a private key corresponding to the public key;

第三发送单元，用于将所述主密钥发送至所述待升级设备上进行预存储，所述主密钥用于所述待升级设备生成所述属性集合对应的一个或多个属性密钥，其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。a third sending unit, configured to send the master key to the device to be upgraded for pre-storage, where the master key is used by the device to be upgraded to generate one or more attribute keys corresponding to the attribute set key, wherein the one or more attribute keys are used by the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package.

在一种可能的实现方式中，其特征在于，所述属性集合包括一个或多个属性信息；所述目标升级包包括所述属性集合中至少一个属性信息对应的更新后的属性密钥。In a possible implementation manner, the attribute set includes one or more attribute information; the target upgrade package includes an updated attribute key corresponding to at least one attribute information in the attribute set.

第五方面，本发明实施例提供了一种待升级装置，可应用于待升级设备，所述装置可包括：In a fifth aspect, an embodiment of the present invention provides an apparatus to be upgraded, which can be applied to a device to be upgraded, and the apparatus may include:

接收单元，用于接收服务器发送的目标升级包密文，所述目标升级包密文为所述服务器根据访问策略对目标升级包进行加密生成的，所述访问策略为所述服务器根据所述待升级设备的属性集合生成的；A receiving unit, configured to receive the target upgrade package ciphertext sent by the server, where the target upgrade package ciphertext is generated by the server encrypting the target upgrade package according to an access policy, and the access policy is the Generated by the attribute collection of the upgrade device;

获取单元，用于获取所述属性集合对应的一个或多个属性密钥；an obtaining unit for obtaining one or more attribute keys corresponding to the attribute set;

解密单元，用于根据所述一个或多个属性密钥对所述目标升级包密文进行解密，获得目标升级包。A decryption unit, configured to decrypt the ciphertext of the target upgrade package according to the one or more attribute keys to obtain a target upgrade package.

发送单元，用于发送升级请求，所述升级请求包括所述待升级设备的属性集合。A sending unit, configured to send an upgrade request, where the upgrade request includes an attribute set of the device to be upgraded.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述获取单元，具体用于：In a possible implementation manner, the attribute set includes one or more attribute information; the acquiring unit is specifically used for:

接收所述服务器发送的一个或多个属性密钥，并进行预存储；所述属性密钥为所述服务器生成公钥和主密钥后，根据所述主密钥以及所述一个或多个属性信息，生成的一个或多个属性密钥；所述主密钥为所述公钥对应的私钥。Receive one or more attribute keys sent by the server and pre-store; after the attribute key generates a public key and a master key for the server, according to the master key and the one or more attribute keys attribute information, one or more attribute keys generated; the master key is the private key corresponding to the public key.

接收所述服务器发送主密钥并进行预存储，所述主密钥为所述服务器生成的；Receive and pre-store a master key sent by the server, where the master key is generated by the server;

所述待升级设备根据所述主密钥以及所述一个或多个属性信息，生成一个或多个属性密钥。The device to be upgraded generates one or more attribute keys according to the master key and the one or more attribute information.

第六方面，本发明实施例提供了一种设备升级装置，可应用于终端设备，所述装置可包括：In a sixth aspect, an embodiment of the present invention provides an apparatus for upgrading equipment, which can be applied to terminal equipment, and the apparatus may include:

发送单元，用于向服务器发送待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合，所述属性集合包括所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。A sending unit, configured to send an upgrade request of the device to be upgraded to the server, where the upgrade request includes an attribute set of the device to be upgraded, and the attribute set includes one or more attribute information of the terminal device and the to-be-upgraded device One or more attribute information for the device.

在一种可能的实现方式中，所述装置还包括：获取单元，用于获取所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。In a possible implementation manner, the apparatus further includes: an acquiring unit, configured to acquire one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded.

第七方面，本发明实施例提供了一种服务器，可包括：处理器和存储器；其中，所述存储器用于存储程序代码，所述处理器用于调用所述存储器存储的程序代码执行如下步骤：In a seventh aspect, an embodiment of the present invention provides a server, which may include: a processor and a memory; wherein the memory is used to store program codes, and the processor is used to call the program code stored in the memory to perform the following steps:

根据待升级设备的属性集合生成针对所述待升级设备的访问策略；generating an access policy for the device to be upgraded according to the attribute set of the device to be upgraded;

根据所述访问策略对目标升级包进行加密，生成目标升级包密文；Encrypt the target upgrade package according to the access policy, and generate the target upgrade package ciphertext;

将所述目标升级包密文发送至所述待升级设备，所述目标升级包密文用于所述待升级设备根据所述属性集合对应的一个或多个属性密钥进行解密，以获得所述目标升级包。Send the ciphertext of the target upgrade package to the device to be upgraded, and the ciphertext of the target upgrade package is used by the device to be upgraded to decrypt according to one or more attribute keys corresponding to the attribute set to obtain all the attributes. the target upgrade package.

在一种可能的实现方式中，所述处理器还用于：获取所述待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合。In a possible implementation manner, the processor is further configured to: acquire an upgrade request of the device to be upgraded, where the upgrade request includes an attribute set of the device to be upgraded.

在一种可能的实现方式中，所述处理器，具体用于：接收所述待升级设备发送的所述升级请求，所述属性集合包括所述待升级设备的一个或多个属性信息。In a possible implementation manner, the processor is specifically configured to: receive the upgrade request sent by the device to be upgraded, and the attribute set includes one or more attribute information of the device to be upgraded.

在一种可能的实现方式中，所述属性集合包括所述待升级设备的一个或多个属性信息；所述处理器，具体用于：In a possible implementation manner, the attribute set includes one or more attribute information of the device to be upgraded; the processor is specifically configured to:

在一种可能的实现方式中，所述处理器，具体用于：In a possible implementation manner, the processor is specifically used for:

在一种可能的实现方式中，其特征在于，所述属性集合包括一个或多个属性信息；所述处理器还用于：In a possible implementation, the attribute set includes one or more attribute information; the processor is further configured to:

生成公钥和主密钥，所述主密钥为所述公钥对应的私钥；generating a public key and a master key, where the master key is the private key corresponding to the public key;

根据所述主密钥以及所述一个或多个属性信息，生成所述属性集合对应的一个或多个属性密钥；generating one or more attribute keys corresponding to the attribute set according to the master key and the one or more attribute information;

将所述一个或多个属性密钥发送至所述待升级设备进行预存储；其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。Send the one or more attribute keys to the device to be upgraded for pre-storage; wherein, the one or more attribute keys are used by the device to be upgraded to decrypt the ciphertext of the target upgrade package to Obtain the target upgrade package.

在一种可能的实现方式中，所述处理器还用于：In a possible implementation manner, the processor is further configured to:

将所述主密钥发送至所述待升级设备上进行预存储，所述主密钥用于所述待升级设备生成所述属性集合对应的一个或多个属性密钥，其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。Send the master key to the device to be upgraded for pre-storage, and the master key is used by the device to be upgraded to generate one or more attribute keys corresponding to the attribute set, wherein the one or multiple attribute keys are used for the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package.

在一种可能的实现方式中，所述处理器具体用于：根据所述属性集合确定所述目标升级包；所述服务器确定所述目标升级包对应的升级条件，并将所述升级条件组合后转换为所述访问策略。In a possible implementation manner, the processor is specifically configured to: determine the target upgrade package according to the attribute set; the server determines an upgrade condition corresponding to the target upgrade package, and combines the upgrade conditions Then convert to the access policy.

第八方面，本发明实施例提供了一种待升级设备，可包括：处理器和存储器；其中，所述存储器用于存储程序代码，所述处理器用于调用所述存储器存储的程序代码执行如下步骤：In an eighth aspect, an embodiment of the present invention provides a device to be upgraded, which may include: a processor and a memory; wherein the memory is used to store program codes, and the processor is used to call the program code stored in the memory to execute the following step:

接收服务器发送的目标升级包密文，所述目标升级包密文为所述服务器根据访问策略对目标升级包进行加密生成的，所述访问策略为所述服务器根据所述待升级设备的属性集合生成的；获取所述属性集合对应的一个或多个属性密钥；根据所述一个或多个属性密钥对所述目标升级包密文进行解密，获得目标升级包。Receive the target upgrade package ciphertext sent by the server, where the target upgrade package ciphertext is generated by the server encrypting the target upgrade package according to an access policy, where the access policy is the set of attributes of the device to be upgraded by the server generated; obtaining one or more attribute keys corresponding to the attribute set; and decrypting the ciphertext of the target upgrade package according to the one or more attribute keys to obtain the target upgrade package.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述处理器，具体用于：接收所述服务器发送的一个或多个属性密钥，并进行预存储；所述属性密钥为所述服务器生成公钥和主密钥后，根据所述主密钥以及所述一个或多个属性信息，生成的一个或多个属性密钥；所述主密钥为所述公钥对应的私钥。In a possible implementation manner, the attribute set includes one or more attribute information; the processor is specifically configured to: receive one or more attribute keys sent by the server, and pre-store them; The attribute key is one or more attribute keys generated according to the master key and the one or more attribute information after the server generates the public key and the master key; the master key is all the attribute keys. The private key corresponding to the public key.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述处理器，具体用于：接收所述服务器发送的主密钥并进行预存储，所述主密钥为所述服务器生成的；所述待升级设备根据所述主密钥以及所述一个或多个属性信息，生成一个或多个属性密钥。In a possible implementation manner, the attribute set includes one or more attribute information; the processor is specifically configured to: receive and pre-store a master key sent by the server, where the master key is Generated by the server; the device to be upgraded generates one or more attribute keys according to the master key and the one or more attribute information.

第九方面，本发明实施例提供了一种终端设备，可包括：处理器和存储器；其中，所述存储器用于存储程序代码，所述处理器用于调用所述存储器存储的程序代码执行如下步骤：In a ninth aspect, an embodiment of the present invention provides a terminal device, which may include: a processor and a memory; wherein the memory is used to store program codes, and the processor is used to call the program code stored in the memory to execute the following steps :

向服务器发送待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合，所述属性集合包括所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。Send an upgrade request of the device to be upgraded to the server, where the upgrade request includes an attribute set of the device to be upgraded, and the attribute set includes one or more attribute information of the terminal device and one or more attributes of the device to be upgraded. attribute information.

在一种可能的实现方式中，所述处理器还用于：获取所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。In a possible implementation manner, the processor is further configured to: acquire one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded.

第十方面，本申请提供一种设备升级装置，该设备升级装置具有实现上述第一方面、第二方面或第三方面提供的任意一种设备升级方法的功能。该功能可以通过硬件实现，也可以通过硬件执行相应的软件实现。该硬件或软件包括一个或多个与上述功能相对应的模块。In a tenth aspect, the present application provides an apparatus for upgrading equipment, and the apparatus for upgrading equipment has the function of implementing any one of the apparatus upgrading methods provided in the first aspect, the second aspect or the third aspect. This function can be implemented by hardware or by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above functions.

第十一方面，本申请提供一种服务器，该服务器中包括处理器，处理器被配置为支持该服务器执行第一方面提供的任意一种设备升级方法中相应的功能。该服务器还可以包括存储器，存储器用于与处理器耦合，其保存该服务器必要的程序指令和数据。该服务器还可以包括通信接口，用于该服务器与其他设备或通信网络通信。In an eleventh aspect, the present application provides a server, where the server includes a processor, and the processor is configured to support the server to perform corresponding functions in any one of the device upgrading methods provided in the first aspect. The server may also include memory, coupled to the processor, which holds program instructions and data necessary for the server. The server may also include a communication interface for the server to communicate with other devices or communication networks.

第十二方面，本申请提供一种待升级设备，该待升级设备中包括处理器，处理器被配置为支持该待升级设备执行第二方面提供的任意一种设备升级方法中相应的功能。该待升级设备还可以包括存储器，存储器用于与处理器耦合，其保存该待升级设备必要的程序指令和数据。该待升级设备还可以包括通信接口，用于该待升级设备与其他设备或通信网络通信。In a twelfth aspect, the present application provides a device to be upgraded, the device to be upgraded includes a processor, and the processor is configured to support the device to be upgraded to perform corresponding functions in any one of the device upgrade methods provided in the second aspect. The device to be upgraded may further include a memory, which is coupled to the processor and stores necessary program instructions and data of the device to be upgraded. The device to be upgraded may further include a communication interface for the device to be upgraded to communicate with other devices or a communication network.

第十三方面，本申请提供一种终端设备，该终端设备中包括处理器，处理器被配置为支持该终端设备执行第三方面提供的任意一种设备升级方法中相应的功能。该终端设备还可以包括存储器，存储器用于与处理器耦合，其保存该终端设备必要的程序指令和数据。该终端设备还可以包括通信接口，用于该终端设备与其他设备或通信网络通信。In a thirteenth aspect, the present application provides a terminal device, where the terminal device includes a processor, and the processor is configured to support the terminal device to perform corresponding functions in any one of the device upgrade methods provided in the third aspect. The terminal device may also include a memory for coupling with the processor, which holds program instructions and data necessary for the terminal device. The terminal device may also include a communication interface for the terminal device to communicate with other devices or a communication network.

第十四方面，本申请提供一种计算机存储介质，用于储存为上述第一方面、第二方面或第三方面提供的服务器、待升级设备或终端设备所用的计算机软件指令，其包含用于执行上述方面所设计的程序。In a fourteenth aspect, the present application provides a computer storage medium for storing computer software instructions used by the server, the device to be upgraded or the terminal device provided in the first aspect, the second aspect or the third aspect. Execute the program designed in the above aspects.

第十五方面，本发明实施例提供了一种计算机程序，该计算机程序包括指令，当该计算机程序被执行时，使得服务器、待升级设备或终端设备可以执行上述第一方面、第二方面或第三方面中任意一项的设备升级方法中的流程。In a fifteenth aspect, an embodiment of the present invention provides a computer program, where the computer program includes instructions, when the computer program is executed, the server, the device to be upgraded, or the terminal device can execute the first aspect, the second aspect or the A process in the device upgrading method of any one of the third aspect.

第十六方面，本申请提供了一种芯片系统，该芯片系统包括处理器，用于支持服务器、待升级设备或终端设备实现上述第一方面、第二方面或第三方面中所涉及的功能。在一种可能的设计中，所述芯片系统还包括存储器，所述存储器，用于保存服务器、待升级设备或终端设备必要的程序指令和数据。该芯片系统，可以由芯片构成，也可以包含芯片和其他分立器件。In a sixteenth aspect, the present application provides a chip system, the chip system includes a processor for supporting a server, a device to be upgraded or a terminal device to implement the functions involved in the first aspect, the second aspect or the third aspect above . In a possible design, the chip system further includes a memory, and the memory is used for saving necessary program instructions and data of the server, the device to be upgraded or the terminal device. The chip system may be composed of chips, or may include chips and other discrete devices.

以上各方面中，进一步，可选的，上述各方面中所提到的属性集合可以包括待升级设备的属性信息和待升级设备中一个或多个单元模块的属性信息；其中，可选的单元模块的属性信息可以包括有单元模块的软件版本信息。In the above aspects, further, optionally, the attribute set mentioned in the above aspects may include attribute information of the device to be upgraded and attribute information of one or more unit modules in the device to be upgraded; wherein, the optional unit The attribute information of the module may include software version information of the unit module.

此外，访问策略可以包括所述待升级设备的属性信息和服务器所确定的所述待升级设备的目标升级单元模块的软件版本信息。In addition, the access policy may include attribute information of the device to be upgraded and software version information of the target upgrade unit module of the device to be upgraded determined by the server.

其中待升级设备中的单元模块可以为待升级设备中需要进行升级的模块，例如可以为车载控制设备；具体可以包括车载信息服务单元(Telematics box，TBox)和车载主控制器(Primary Electronic Control Unit，ECU)，进一步还可以包括人机界面(HumanMachine Interface，HMI)、电池管理系统(Battery Manage System，BMS)、车载辅助ECU1(Secondary ECU1)、车载辅助ECU2(Secondary ECU2)等，可选的，还可以包括车载自诊断系统II(the Second On-Board Diagnostics，OBDII)、高级驾驶辅助系统主控制器(AdvancedDriving Assistant System Main Controller，ADAS Main Controller)、车辆控制器单元(Vehicle Controller Unit，VCU)、车身控制器(Body Controller)等以上车内部件中的一个或多个。The unit module in the device to be upgraded can be a module that needs to be upgraded in the device to be upgraded, for example, it can be a vehicle-mounted control device; specifically, it may include a vehicle-mounted information service unit (Telematics box, TBox) and a vehicle-mounted main controller (Primary Electronic Control Unit). , ECU), and may further include a human-machine interface (HumanMachine Interface, HMI), a battery management system (Battery Management System, BMS), an on-board auxiliary ECU1 (Secondary ECU1), an on-board auxiliary ECU2 (Secondary ECU2), etc., optional, It can also include the on-board self-diagnosis system II (the Second On-Board Diagnostics, OBDII), the Advanced Driving Assistant System Main Controller (Advanced Driving Assistant System Main Controller, ADAS Main Controller), the Vehicle Controller Unit (Vehicle Controller Unit, VCU), One or more of the above vehicle interior components such as a body controller.

附图说明Description of drawings

图1为本发明实施例提供的一种基于物联网的智能家居升级系统的架构图；1 is a schematic diagram of a smart home upgrade system based on the Internet of Things provided by an embodiment of the present invention;

图2是本发明实施例提供的一种车载设备升级应用场景的示意图；FIG. 2 is a schematic diagram of an application scenario of in-vehicle device upgrade provided by an embodiment of the present invention;

图3是本发明实施例提供的另一种车载设备升级应用场景的示意图；FIG. 3 is a schematic diagram of another application scenario of in-vehicle device upgrade provided by an embodiment of the present invention;

图4是本发明实施例提供的一种设备升级系统架构示意图；4 is a schematic diagram of the architecture of an equipment upgrade system provided by an embodiment of the present invention;

图5为本发明实施例提供的另一种设备升级系统架构示意图；FIG. 5 is a schematic diagram of another device upgrade system architecture provided by an embodiment of the present invention;

图6是本发明实施例提供的一种Primary ECU的结构示意图；6 is a schematic structural diagram of a Primary ECU provided by an embodiment of the present invention;

图7是本发明实施例提供的一种待升级车载单元的结构示意图7 is a schematic structural diagram of an on-board unit to be upgraded provided by an embodiment of the present invention

图8是本发明实施例提供的一种终端设备的结构示意图；8 is a schematic structural diagram of a terminal device provided by an embodiment of the present invention;

图9是本发明实施例提供的一种设备升级方法的流程示意图；9 is a schematic flowchart of a device upgrading method provided by an embodiment of the present invention;

图10是本发明实施例提供的另一种设备升级方法的流程示意图；10 is a schematic flowchart of another device upgrading method provided by an embodiment of the present invention;

图11是本发明实施例提供的又一种设备升级方法的流程示意图；FIG. 11 is a schematic flowchart of another device upgrading method provided by an embodiment of the present invention;

图12是本发明实施例提供的一种智能车辆的升级场景示意图；12 is a schematic diagram of an upgrade scenario of an intelligent vehicle provided by an embodiment of the present invention;

图13是本发明实施例提供的另一种智能车辆的升级场景示意图；13 is a schematic diagram of an upgrade scenario of another smart vehicle provided by an embodiment of the present invention;

图14是本发明实施例提供的又一种智能车辆的升级场景示意图；14 is a schematic diagram of another upgrade scenario of an intelligent vehicle provided by an embodiment of the present invention;

图15是本发明实施例提供的又一种智能车辆的升级场景示意图；15 is a schematic diagram of another upgrade scenario of an intelligent vehicle provided by an embodiment of the present invention;

图16是本发明实施例提供的又一种智能车辆的升级场景示意图；16 is a schematic diagram of another upgrade scenario of an intelligent vehicle provided by an embodiment of the present invention;

图17是本发明实施例提供的又一种智能车辆的升级场景示意图；17 is a schematic diagram of another upgrade scenario of an intelligent vehicle provided by an embodiment of the present invention;

图18是本发明实施例提供的一种设备升级装置的结构示意图；18 is a schematic structural diagram of an apparatus for upgrading equipment provided by an embodiment of the present invention;

图19是本发明实施例提供的又一种设备升级装置的结构示意图；19 is a schematic structural diagram of another device upgrading apparatus provided by an embodiment of the present invention;

图20是本发明实施例提供的一种待升级装置的结构示意图；20 is a schematic structural diagram of a device to be upgraded according to an embodiment of the present invention;

图21是本发明实施例提供的另一种设备升级装置的结构示意图；21 is a schematic structural diagram of another device upgrading apparatus provided by an embodiment of the present invention;

图22是本发明实施例提供的一种设备的结构示意图。FIG. 22 is a schematic structural diagram of a device provided by an embodiment of the present invention.

具体实施方式Detailed ways

下面将结合本发明实施例中的附图，对本发明实施例进行描述。The embodiments of the present invention will be described below with reference to the accompanying drawings in the embodiments of the present invention.

本申请的说明书和权利要求书及所述附图中的术语“第一”、“第二”、“第三”和“第四”等是用于区别不同对象，而不是用于描述特定顺序。此外，术语“包括”和“具有”以及它们任何变形，意图在于覆盖不排他的包含。例如包含了一系列步骤或单元的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元，而是可选地还包括没有列出的步骤或单元，或可选地还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。The terms "first", "second", "third" and "fourth" in the description and claims of the present application and the drawings are used to distinguish different objects, rather than to describe a specific order . Furthermore, the terms "comprising" and "having" and any variations thereof are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes unlisted steps or units, or optionally also includes For other steps or units inherent to these processes, methods, products or devices.

在本文中提及“实施例”意味着，结合实施例描述的特定特征、结构或特性可以包含在本申请的至少一个实施例中。在说明书中的各个位置出现该短语并不一定均是指相同的实施例，也不是与其它实施例互斥的独立的或备选的实施例。本领域技术人员显式地和隐式地理解的是，本文所描述的实施例可以与其它实施例相结合。Reference herein to an "embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor a separate or alternative embodiment that is mutually exclusive of other embodiments. It is explicitly and implicitly understood by those skilled in the art that the embodiments described herein may be combined with other embodiments.

在本说明书中使用的术语“部件”、“模块”、“系统”等用于表示计算机相关的实体、硬件、固件、硬件和软件的组合、软件、或执行中的软件。例如，部件可以是但不限于，在处理器上运行的进程、处理器、对象、可执行文件、执行线程、程序和/或计算机。通过图示，在计算设备上运行的应用和计算设备都可以是部件。一个或多个部件可驻留在进程和/或执行线程中，部件可位于一个计算机上和/或分布在2个或更多个计算机之间。此外，这些部件可从在上面存储有各种数据结构的各种计算机可读介质执行。部件可例如根据具有一个或多个数据分组(例如来自与本地系统、分布式系统和/或网络间的另一部件交互的二个部件的数据，例如通过信号与其它系统交互的互联网)的信号通过本地和/或远程进程来通信。The terms "component", "module", "system" and the like are used in this specification to refer to a computer-related entity, hardware, firmware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device may be components. One or more components may reside within a process and/or thread of execution, and a component may be localized on one computer and/or distributed between 2 or more computers. In addition, these components can execute from various computer readable media having various data structures stored thereon. A component may, for example, be based on a signal having one or more data packets (eg, data from two components interacting with another component between a local system, a distributed system, and/or a network, such as the Internet interacting with other systems via signals) Communicate through local and/or remote processes.

首先，对本申请中的部分用语进行解释说明，以便于本领域技术人员理解。First, some terms in this application will be explained so as to facilitate the understanding of those skilled in the art.

(1)空中下载技术(Over the Air Technology，OTA)是通过移动通信的空中接口进行远程固件或软件远程升级的技术。(1) Over the Air Technology (OTA) is a technology for remote firmware or software remote upgrade through the air interface of mobile communication.

(2)车载信息服务(Telematics)是远距离通信的电信(Telecommunications)与信息科学(Informatics)的合成词，按字面可定义为通过内置在汽车、航空、船舶、火车等运输工具上的计算机系统、无线通信技术、卫星导航装置、交换文字、语音等信息的互联网技术而提供信息的服务系统。简单的说就通过无线网络将车辆接入互联网，为车主提供驾驶、生活所必需的各种信息。Telematics box，简称车载TBox，TBox是车辆对外部的主要通信部件，车辆升级时，可以通过Telematics box与服务器交互获得升级包。(2) Telematics is a compound word of Telecommunications and Informatics for long-distance communication. It can be literally defined as a computer system built into vehicles, aviation, ships, trains, etc. , wireless communication technology, satellite navigation device, Internet technology for exchanging text, voice and other information to provide information service system. Simply put, the vehicle is connected to the Internet through a wireless network to provide the owner with all kinds of information necessary for driving and life. Telematics box, referred to as vehicle-mounted TBox, TBox is the main communication component of the vehicle to the outside. When the vehicle is upgraded, the upgrade package can be obtained by interacting with the server through the Telematics box.

(3)电子控制单元(Electronic Control Unit，ECU)，从用途上讲则是汽车专用微机控制器。它和普通的电脑一样，由微处理器(CPU)、存储器(ROM、RAM)、输入/输出接口(I/O)、模数转换器(A/D)以及整形、驱动等大规模集成电路组成。(3) Electronic control unit (Electronic Control Unit, ECU), in terms of use, it is a special microcomputer controller for automobiles. Like an ordinary computer, it consists of a microprocessor (CPU), memory (ROM, RAM), input/output interface (I/O), analog-to-digital converter (A/D), as well as large-scale integrated circuits such as shaping and driving. composition.

(4)车辆控制单元(Vehicle Control Unit，VCU)，也可以称之为电动汽车整车控制器VCU是电动汽车动力系统的总成控制器，负责协调发动机、驱动电机、变速箱、动力电池等各部件的工作，具有提高车辆的动力性能、安全性能和经济性等作用。是电动汽车整车控制系统的核心部件，是用来控制电动车电机的启动、运行、进退、速度、停止以及电动车的其它电子器件的核心控制器件。VCU作为纯电动汽车控制系统核心的部件，其承担了数据交换、安全管理、驾驶员意图解释、能量流管理的任务。VCU采集电机控制系统信号、加速踏板信号、制动踏板信号及其他部件信号，根据驾驶员的驾驶意图综合分析并作出响应判断后，监控下层的各部件控制器的动作，对汽车的正常行驶、电池能量的制动回馈、网络管理、故障诊断与处理、车辆状态监控等功能起着关键作用。(4) Vehicle Control Unit (VCU), also known as electric vehicle vehicle controller VCU is the assembly controller of electric vehicle power system, responsible for coordinating engine, drive motor, gearbox, power battery, etc. The work of each component has the effect of improving the dynamic performance, safety performance and economy of the vehicle. It is the core component of the electric vehicle control system, and is used to control the start, operation, advance and retreat, speed, stop of the electric vehicle motor and the core control device of other electronic devices of the electric vehicle. As the core component of the pure electric vehicle control system, the VCU undertakes the tasks of data exchange, safety management, driver intention interpretation, and energy flow management. The VCU collects the motor control system signal, accelerator pedal signal, brake pedal signal and other component signals, comprehensively analyzes and makes a response judgment according to the driver's driving intention, and monitors the actions of the lower-level component controllers to ensure the normal driving, The functions of battery energy braking feedback, network management, fault diagnosis and processing, vehicle status monitoring and other functions play a key role.

(5)控制器局域网络(Controller Area Network，CAN)总线，是国际上应用最广泛的现场总线之一。其所具有的高可靠性和良好的错误检测能力受到重视，被广泛应用于汽车计算机控制系统和环境温度恶劣、电磁辐射强和振动大的工业环境。CAN总线是一种应用广泛的现场总线，在工业测控和工业自动化等领域有很大的应用前景。CAN属于总线式串行通信网络，在数据通信方面具有可靠、实时和灵活的优点。(5) Controller Area Network (CAN) bus is one of the most widely used field buses in the world. Its high reliability and good error detection ability are valued, and are widely used in automotive computer control systems and industrial environments with harsh ambient temperature, strong electromagnetic radiation and large vibration. CAN bus is a widely used field bus, which has great application prospects in the fields of industrial measurement and control and industrial automation. CAN is a bus-type serial communication network, which has the advantages of reliability, real-time and flexibility in data communication.

(6)消息验证码(Message Authentication Code，MAC)是通信实体双方使用的一种验证机制，是保证消息数据完整性的一种工具。MAC类似于摘要算法，但是它在计算的时候还要采用一个密钥，因此MAC是基于密钥和消息摘要所获得的一个值，实际上是对消息本身产生一个冗余的信息，可用于数据源认证和完整性校验。(6) Message Authentication Code (MAC) is an authentication mechanism used by both communicating entities, and is a tool to ensure the integrity of message data. The MAC is similar to the digest algorithm, but it also uses a key when calculating, so the MAC is a value obtained based on the key and the message digest, which actually generates a redundant information for the message itself, which can be used for data Origin authentication and integrity checking.

(7)公钥密码(非对称密码)，公钥密码又称为非对称密码，非对称密钥算法是指一个加密算法的加密密钥和解密密钥是不一样的，或者说不能由其中一个密钥推导出另一个密钥。拥有公钥密码的用户分别拥有加密密钥和解密密钥，通过加密密钥不能得到解密密钥。并且加密密钥是公开的。公钥密码就是基于这一原理而设计的，将辅助信息(陷门信息)作为秘密密钥。这类密码的安全强度取决于它所依据的问题的计算复杂度。现在常见的公钥密码有RSA公钥密码、ElGamal公钥密码、椭圆曲线密码。(7) Public key cryptography (asymmetric cryptography), public key cryptography is also known as asymmetric cryptography, asymmetric key algorithm means that the encryption key and decryption key of an encryption algorithm are different, or cannot be determined by one of them. One key derives another key. The user who has the public key password has the encryption key and the decryption key respectively, and the decryption key cannot be obtained through the encryption key. And the encryption key is public. Public key cryptography is designed based on this principle, using auxiliary information (trapdoor information) as a secret key. The security strength of this type of cipher depends on the computational complexity of the problem on which it is based. Now common public key cryptography includes RSA public key cryptography, ElGamal public key cryptography, and elliptic curve cryptography.

(8)对称密码，对称密钥加密又叫专用密钥加密，即发送和接收数据的双方必使用相同的密钥对明文进行加密和解密运算。即加密密钥能够从解密密钥中推算出来，反过来也成立。在大多数对称算法中，加密解密密钥是相同的。这些算法也叫秘密密钥算法或单密钥算法，它要求发送者和接收者在安全通信之前，商定一个密钥。对称算法的安全性依赖于密钥，泄漏密钥就意味着任何人都能对消息进行加密解密。只要通信需要保密，密钥就必须保密。(8) Symmetric encryption, symmetric key encryption is also called private key encryption, that is, both parties sending and receiving data must use the same key to encrypt and decrypt the plaintext. That is, the encryption key can be deduced from the decryption key, and vice versa. In most symmetric algorithms, the encryption and decryption keys are the same. These algorithms, also called secret-key algorithms or single-key algorithms, require the sender and receiver to agree on a key before securely communicating. The security of symmetric algorithms depends on the key, and leaking the key means that anyone can encrypt and decrypt messages. As long as the communication needs to be kept secret, the key must be kept secret.

从上述对对称密钥算法和非对称密钥算法的描述中可看出，对称密钥加解密使用的同一个密钥，或者能从加密密钥很容易推出解密密钥；对称密钥算法具有加密处理简单，加解密速度快，密钥较短，发展历史悠久等特点，非对称密钥算法具有加解密速度慢的特点，密钥尺寸大，发展历史较短等特点。From the above description of the symmetric key algorithm and the asymmetric key algorithm, it can be seen that the same key used for symmetric key encryption and decryption, or the decryption key can be easily deduced from the encryption key; the symmetric key algorithm has The encryption process is simple, the encryption and decryption speed is fast, the key is short, and the development history is long. The asymmetric key algorithm has the characteristics of slow encryption and decryption speed, large key size, and short development history.

(9)密码散列函数(Cryptographic hash function)，又译为加密散列函数，是散列函数的一种。它被认为是一种单向函数，也就是说极其难以由散列函数输出的结果，回推输入的数据是什么。这样的单向函数被称为“现代密码学的驮马”。这种散列函数的输入数据，通常被称为消息(message)，而它的输出结果，经常被称为消息摘要(message digest)或摘要(digest)。在信息安全中，有许多重要的应用，都使用了密码散列函数来实现，例如数字签名，消息认证码。(9) Cryptographic hash function (Cryptographic hash function), also translated as encrypted hash function, is a kind of hash function. It is considered a one-way function, which means that it is extremely difficult for the output of the hash function to push back what the input data is. Such one-way functions are called "the workhorse of modern cryptography". The input data of such a hash function is often called a message, and its output is often called a message digest or digest. In information security, there are many important applications that use cryptographic hash functions to achieve, such as digital signatures, message authentication codes.

(10)终端设备，可以为用户设备(User Equipment，UE)、无线局域网(WirelessLocal Area Networks，WLAN)中的站点(STAION，ST)、蜂窝电话、无线本地环路(WirelessLocal Loop，WLL)站、个人数字处理(Personal Digital Assistant，PDA)设备、具有无线通信功能的手持设备、计算设备或连接到无线调制解调器的其它处理设备、可穿戴设备等。(10) Terminal equipment, which can be user equipment (User Equipment, UE), a station (STAION, ST) in a wireless local area network (Wireless Local Area Networks, WLAN), a cellular phone, a wireless local loop (Wireless Local Loop, WLL) station, Personal Digital Assistant (PDA) devices, handheld devices with wireless communication capabilities, computing devices or other processing devices connected to wireless modems, wearable devices, etc.

(11)原始设备制造商(Original Equipment Manufacturer，OEM)是受托厂商按来样厂商之需求与授权，按照厂家特定的条件而生产，所有的设计图等都完全依照来样厂商的设计来进行制造加工。本申请中的OEM可以为待升级设备的原始制造或生产商，例如，待升级设备为智能车辆，则OEM指车辆制造商。(11) Original Equipment Manufacturer (OEM) is the entrusted manufacturer to produce according to the needs and authorization of the sample manufacturer, according to the specific conditions of the manufacturer, and all the design drawings are completely manufactured according to the design of the sample manufacturer. processing. The OEM in this application may be the original manufacturer or manufacturer of the device to be upgraded. For example, if the device to be upgraded is a smart vehicle, the OEM refers to the vehicle manufacturer.

(12)车载自动诊断系统(On Board Diagnostics，OBD)，为汽车故障诊断而延伸出来的一种检测系统。OBD能在汽车运行过程中实时监测发动机电控系统及车辆的其它功能模块的工作状况，如有发现工况异常，则根据特定的算法判断出具体的故障，并以诊断故障代码(Diagnostic Trouble Codes，DTC)的形式存储在系统内的存储器上。系统自诊断后得到的有用信息可以为车辆的维修和保养提供帮助，维修人员可以根据汽车原厂专用仪器读取故障码，从而可以对故障进行快速定位，以便于对车辆的修理，减少人工诊断的时间。(12) On-board automatic diagnosis system (On Board Diagnostics, OBD), a detection system extended for automobile fault diagnosis. OBD can monitor the working conditions of the engine electronic control system and other functional modules of the vehicle in real time during the operation of the vehicle. , DTC) are stored on the memory in the system. The useful information obtained after the self-diagnosis of the system can provide help for the repair and maintenance of the vehicle. The maintenance personnel can read the fault code according to the original special instrument of the automobile, so as to quickly locate the fault, so as to facilitate the repair of the vehicle and reduce manual diagnosis. time.

首先，为了便于理解本发明实施例，进一步分析并提出本申请所具体要解决的技术问题。在现有技术中，关于设备的安全远程升级(以车辆的远程升级为例)技术，包括多种技术方案，以下示例性的列举如下常用的四种方案。其中，First, in order to facilitate understanding of the embodiments of the present invention, the technical problems to be solved by the present application are further analyzed and proposed. In the prior art, the technology for safe remote upgrade of equipment (taking the remote upgrade of vehicle as an example) includes a variety of technical solutions, and the following four commonly used solutions are exemplarily listed below. in,

方案一：车辆的升级包开发完成后会包含发行单位的签名(例如用预先协商好的私钥进行签名)；车辆通过车内电子控制单元ECU(也可称之为车内控制器)获取该升级包之后，使用预先协商好的公钥进行验证。该验证流程验证了升级包的源可信，即可以验证该升级包是由合法的发行单位发布的。Option 1: After the development of the upgrade package of the vehicle is completed, the signature of the issuing unit will be included (for example, signed with a pre-negotiated private key); the vehicle obtains the After upgrading the package, use the pre-negotiated public key for verification. The verification process verifies that the source of the upgrade package is credible, that is, it can be verified that the upgrade package is released by a legal issuing unit.

该方案一的缺点：只是验证了升级包的源可信，并未包含对车辆的身份与状态进行验证(可能导致不符合条件的车辆下载了不合适的升级包，导致升级失败)，也未包含远程升级包传输时的机密性保护。Disadvantages of this scheme 1: it only verifies that the source of the upgrade package is credible, but does not include verification of the identity and status of the vehicle (which may cause unqualified vehicles to download inappropriate upgrade packages, resulting in upgrade failure), and neither Contains confidentiality protection during remote upgrade package transfer.

方案二：对于车辆升级包通过白盒加密达到机密性、使用哈希算法保证升级包的完整性、使用签名系统保障源可信。Scheme 2: For the vehicle upgrade package, the confidentiality is achieved through white-box encryption, the hash algorithm is used to ensure the integrity of the upgrade package, and the signature system is used to ensure the credibility of the source.

该方案二的缺点：该方案保障了升级包的机密性、完整性与源可信，但没有对车辆身份与状态进行验证。Disadvantage of the second scheme: This scheme guarantees the confidentiality, integrity and source credibility of the upgrade package, but does not verify the identity and status of the vehicle.

方案三：提出在车辆进行升级前的前提条件检测，包含车辆身份与车辆状态。例如，提出进行软件版本的比较，若车载控制器上的版本较旧，则可进行升级包的下载。又例如，软件更新管理提出较多的前提条件检测，并且下载升级包与安装升级包所需要的前提条件可以不同等。Option 3: Propose precondition detection before the vehicle is upgraded, including vehicle identity and vehicle status. For example, it is proposed to compare the software versions, and if the version on the on-board controller is older, the upgrade package can be downloaded. For another example, the software update management proposes more precondition detections, and the preconditions required for downloading the upgrade package and installing the upgrade package may be different.

该方案三的缺点：并没有提供具有强制力的条件检测方式，即检测方式不具有高度强制性，容易被绕过。Disadvantage of the third scheme: there is no mandatory condition detection method, that is, the detection method is not highly mandatory and can be easily bypassed.

方案四：使用密码工具提供高度强制性的前提条件检测。例如，通过加密算法提供升级包的机密性、通过签名提供源可信验证、计算升级包的哈希值提供完整性校验。Option 4: Use a cryptographic tool to provide highly mandatory precondition detection. For example, the confidentiality of the upgrade package is provided by an encryption algorithm, the source trust verification is provided by a signature, and the hash value of the upgrade package is calculated to provide an integrity check.

该方案四的缺点：通用性的密码算法可以检测的条件种类较少，例如使用公钥加密算法时，有公钥密钥对，检测的条件为是否具有该密钥，无法解决多种升级条件的组合状态。Disadvantage of this scheme 4: There are few types of conditions that can be detected by general cryptographic algorithms. For example, when a public key encryption algorithm is used, there is a public key key pair. combined state.

综上，上述四种方案中，均未对车辆的身份和状态进行检测；或者是即使有相关检测，但不是强制性检测，也很容易被绕过；亦或者是即使提供了强制性检测，但是由于是基于通用性的密码算法的检测方式，可提供的检测的条件种类少、不灵活，无法满足车辆升级过程中的实际需求。In summary, in the above four schemes, the identity and status of the vehicle are not detected; or even if there is relevant detection, but it is not mandatory, it can be easily bypassed; or even if mandatory detection is provided, However, since it is a detection method based on a universal cryptographic algorithm, the detection conditions that can be provided are few and inflexible, and cannot meet the actual needs in the vehicle upgrade process.

因此，为了解决当前安全远程升级技术中上述不满足实际业务需求的问题，本申请实际要解决的技术问题包括如下方面：当车辆进行安全远程升级的时候，如何实现一个具有强制力、且可满足多种前提条件检测的升级方案；进一步地，特别是在保障升级包机密性与完整性的前提下，要能够提供具有强制力的车辆身份与状态的前提条件检测。Therefore, in order to solve the above-mentioned problem that the current safe remote upgrade technology does not meet the actual business needs, the technical problems to be solved in this application include the following aspects: A variety of upgrade schemes for precondition detection; further, especially on the premise of ensuring the confidentiality and integrity of the upgrade package, it is necessary to provide mandatory precondition detection of vehicle identity and status.

为了便于理解本发明实施例，以下示例性列举本申请中设备升级方法所应用的设备升级系统的场景，可以包括如下三个场景。To facilitate understanding of the embodiments of the present invention, the following exemplarily enumerates scenarios of the device upgrade system to which the device upgrade method in the present application is applied, which may include the following three scenarios.

场景一，通过服务器对智能家居进行升级管理：Scenario 1, upgrade and manage the smart home through the server:

请参阅图1，图1为本发明实施例提供的一种基于物联网的智能家居升级系统的架构图，该应用场景中包括服务器(图1中以物联网服务器为例)、通信设备(图1中小区网关为例)、控制设备(图1中以家庭网关为例)和多个待升级设备(图1中以智能窗帘、智能窗户、智能电视和智能空调为例)，其中，智能窗帘、智能窗户、智能电视和智能空调和家庭网关之间可以通过蓝牙、NFC、Wi-Fi或移动网络等无线通信方式进行通信，家庭网关则通过互联网接入小区网关和物联网服务器。当多个待升级的智能家居设备中的任意一个智能家居设备有升级需求时，可通过在升级请求中携带自身的属性集合向物联网服务器发起请求。例如，智能空调将携带有自身的型号、固件版本、软件版本的升级请求通过家庭网关以及小区网关发送至物联网服务器之后，物联网服务器则根据该智能空调的型号、固件版本、软件版本等，生成与该空调匹配的访问策略，再基于属性加密算法，根据该访问策略与约定的公钥对升级包进行加密得到升级包密文，再通过小区网关、家庭网关发送至该空调进行升级。由于该升级包密文是基于智能空调的属性集合进行的属性加密处理的。因此，只有拥有该属性集合对应的属性密钥的智能空调才可以正确解密升级包。并且，进一步地，该升级包可以是根据属性集合的特征进行匹配的，因此可以确保该智能空调可以精确下载符合其需求的升级包并升级。Please refer to FIG. 1. FIG. 1 is an architecture diagram of a smart home upgrade system based on the Internet of Things provided by an embodiment of the present invention. The application scenario includes a server (the Internet of Things server is taken as an example in FIG. 1), a control device (a home gateway is used as an example in Figure 1), and multiple devices to be upgraded (in Figure 1, a smart curtain, a smart window, a smart TV, and a smart air conditioner are used as examples). Among them, smart curtains , smart windows, smart TVs, smart air conditioners and home gateways can communicate through wireless communication methods such as Bluetooth, NFC, Wi-Fi or mobile networks, and home gateways can access cell gateways and IoT servers through the Internet. When any one of the plurality of smart home devices to be upgraded has an upgrade requirement, a request may be initiated to the Internet of Things server by carrying its own attribute set in the upgrade request. For example, after the smart air conditioner sends an upgrade request carrying its own model, firmware version, and software version to the IoT server through the home gateway and the cell gateway, the IoT server will, based on the smart air conditioner's model, firmware version, software version, etc., An access policy matching the air conditioner is generated, and based on the attribute encryption algorithm, the upgrade package is encrypted according to the access policy and the agreed public key to obtain the upgrade package ciphertext, which is then sent to the air conditioner through the cell gateway and home gateway for upgrade. Because the ciphertext of the upgrade package is processed based on attribute encryption of the attribute set of the smart air conditioner. Therefore, only the smart air conditioner with the attribute key corresponding to the attribute set can correctly decrypt the upgrade package. And, further, the upgrade package can be matched according to the characteristics of the attribute set, so it can be ensured that the smart air conditioner can accurately download and upgrade the upgrade package that meets its needs.

场景二，通过服务器对智能车辆进行一对多升级管理，且待升级设备的升级请求由待升级设备自身向服务器发起：Scenario 2, one-to-many upgrade management is performed on the smart vehicle through the server, and the upgrade request of the device to be upgraded is initiated by the device to be upgraded itself to the server:

请参见图2，图2是本发明实施例提供的一种车载设备升级应用场景的示意图。该应用场景中包括服务器(例如升级服务器)和多个待升级设备(例如智能车辆)，升级服务器和智能车辆之间可以通过Wi-Fi和移动网络等进行通信。其中，升级服务器可以对多个合法注册的智能车辆进行升级管理，完成关于升级包的提供、下载更新等相关服务。当多个待升级的智能车辆中的任意一个智能车辆有升级需求时，可通过在升级请求中携带自身的属性集合向升级服务器发起请求。例如，智能车辆将携带有自身的车辆身份码、引擎号、车型流水号、车辆部件的硬件版本号和软件版本号的升级请求发送至服务器之后，服务器则根据该智能车辆的车辆身份码、引擎号、车型流水号、车辆部件的硬件版本号和软件版本号等，生成与该智能车辆匹配的访问策略，再基于属性加密算法，根据该访问策略与约定的公钥对升级包进行加密得到升级包密文，再发送至该智能车辆进行升级。由于该升级包密文是基于该智能车辆的属性集合进行的属性加密处理的。因此，只有拥有该属性集合对应的属性密钥的智能车辆才可以正确解密升级包。并且，进一步地，该升级包可以是根据属性集合的特征进行匹配的，因此可以确保该智能车辆可以精确下载符合其需求的升级包并升级。Referring to FIG. 2 , FIG. 2 is a schematic diagram of an application scenario of in-vehicle device upgrade provided by an embodiment of the present invention. The application scenario includes a server (for example, an upgrade server) and a plurality of devices to be upgraded (for example, a smart vehicle). The upgrade server and the smart vehicle can communicate through Wi-Fi and a mobile network. Among them, the upgrade server can perform upgrade management on multiple legally registered smart vehicles, and complete related services such as providing upgrade packages, downloading and updating. When any one of the multiple intelligent vehicles to be upgraded has an upgrade requirement, a request can be initiated to the upgrade server by carrying its own attribute set in the upgrade request. For example, after a smart vehicle sends an upgrade request carrying its own vehicle identification code, engine number, model serial number, hardware version number and software version number of vehicle components to the server, the server will number, model serial number, hardware version number and software version number of vehicle components, etc., to generate an access policy that matches the intelligent vehicle, and then based on the attribute encryption algorithm, encrypt the upgrade package according to the access policy and the agreed public key to get the upgrade. Packet ciphertext, and then send it to the smart vehicle for upgrade. Because the ciphertext of the upgrade package is processed based on the attribute encryption of the attribute set of the intelligent vehicle. Therefore, only the smart vehicle with the attribute key corresponding to the attribute set can correctly decrypt the upgrade package. And, further, the upgrade package can be matched according to the characteristics of the attribute set, so it can be ensured that the smart vehicle can accurately download and upgrade the upgrade package that meets its needs.

而智能车辆除了在向服务器发起升级请求时携带自身的属性集合以外，还可以根据例如升级服务器上新增一个逻辑功能实体，该逻辑功能实体用于存储第一密钥以及执行第一安全处理，对车辆内部的升级文件的存储或传输进行安全强化，保证车辆的升级安全。In addition to carrying its own attribute set when initiating an upgrade request to the server, the smart vehicle can also add a logical function entity to the upgrade server according to, for example, the logical function entity being used to store the first key and perform the first security processing, Strengthen the storage or transmission of upgrade files inside the vehicle to ensure the safety of vehicle upgrades.

场景三，通过终端设备对智能车辆进行一对一管理，待升级设备的升级请求由匹配的终端设备向服务器发起：Scenario 3: One-to-one management of smart vehicles is performed through terminal devices, and the upgrade request of the device to be upgraded is initiated by the matching terminal device to the server:

请参见图3，图3是本发明实施例提供的另一种车载设备升级应用场景的示意图，该应用场景中包括终端设备(例如智能手机)、待升级设备(例如智能车辆)和服务器(例如升级服务器)，智能手机和智能车辆之间可以通过蓝牙、NFC、Wi-Fi和移动网络等进行通信，升级服务器和终端设备之间可以通过Wi-Fi和移动网络等进行通信。其中，智能手机和智能车辆之间可以建立一对一的匹配关系，例如通过智能车辆的车牌或唯一标识与终端设备的身份识别卡或者合法账号进行匹配，匹配完成后，智能手机和智能车辆之间便可以合作执行本申请中发起本申请中的升级请求的流程，从而实现用户通过智能手机对驾驶的车辆进行升级管理，保证车辆的升级安全。在另一种可能的实现方式中，智能手机和智能车辆之间可以建立一对多的匹配关系，例如一个用户可以同时拥有并管理多个车辆，也可以是一个用户对多个不同用户的车辆进行管理。比如4S店的员工，通过专用的终端设备对店内的同一个型号的所有车辆进行系统升级，或者某个用户通过自己的终端设备对附近的与其建立了匹配关系的智能车辆进行升级包的提供或管理等，以实现一个设备同时管理多个智能车辆的应用场景，节省时间、节省网络传输带宽以及存储资源，并且保证车辆的升级安全。可以理解的是，在一对多的管理中，需要该终端设备中预先存储有该多个车辆的相关信息，或者是该多个车辆向终端设备证明其合法性以及与该终端设备之间存在服务关系。在该场景三中的两种实现方式中，例如，智能手机将携带有属性集合如智能手机的手机号、识别码，智能车辆的身份码、引擎号、车型流水号、车辆部件的硬件版本号和软件版本号的升级请求发送至服务器之后，服务器则根据上述属性集合生成与该智能手机和智能车辆匹配的访问策略，再基于属性加密算法，根据该访问策略与约定的公钥对升级包进行加密得到升级包密文，再发送至智能手机或者智能车辆进行升级。由于该升级包密文是基于该智能手机和智能车辆的属性集合进行的属性加密处理的。因此，只有拥有该属性集合对应的属性密钥的智能手机或智能车辆才可以正确解密升级包，也即是通过合法智能手机协助其匹配的智能车辆进行设备升级。并且，进一步地，该升级包可以是根据属性集合的特征进行匹配的，因此可以确保该智能车辆可以精确下载符合其需求的升级包并升级。Please refer to FIG. 3 . FIG. 3 is a schematic diagram of another application scenario of in-vehicle device upgrade provided by an embodiment of the present invention. The application scenario includes a terminal device (such as a smart phone), a device to be upgraded (such as a smart vehicle), and a server (such as The upgrade server), the smart phone and the smart vehicle can communicate through Bluetooth, NFC, Wi-Fi and mobile network, etc., and the upgrade server and the terminal device can communicate through Wi-Fi and mobile network. Among them, a one-to-one matching relationship can be established between the smart phone and the smart vehicle, for example, the license plate or unique identifier of the smart vehicle is matched with the identification card or legal account number of the terminal device. The process of initiating the upgrade request in the present application can be performed cooperatively between the two devices, so that the user can upgrade and manage the driving vehicle through the smart phone, so as to ensure the safety of the upgrade of the vehicle. In another possible implementation, a one-to-many matching relationship can be established between a smartphone and a smart vehicle. For example, a user can own and manage multiple vehicles at the same time, or a user can match multiple vehicles of different users. to manage. For example, employees of a 4S store can upgrade the system of all vehicles of the same model in the store through a dedicated terminal device, or a user can provide upgrade packages for nearby smart vehicles that have established a matching relationship with him through his terminal device or Management, etc., to realize the application scenario of one device managing multiple smart vehicles at the same time, saving time, network transmission bandwidth and storage resources, and ensuring the safety of vehicle upgrades. It can be understood that, in one-to-many management, the terminal device needs to pre-store the relevant information of the multiple vehicles, or the multiple vehicles must prove to the terminal device their legitimacy and the existence of the relationship with the terminal device. service relationship. In the two implementations in the third scenario, for example, the smart phone will carry a set of attributes such as the mobile phone number and identification code of the smart phone, the identification code of the smart vehicle, the engine number, the model serial number, and the hardware version number of the vehicle components. After the upgrade request with the software version number is sent to the server, the server generates an access policy matching the smart phone and the smart vehicle according to the above attribute set, and then based on the attribute encryption algorithm, according to the access policy and the agreed public key. Encrypt to get the ciphertext of the upgrade package, and then send it to the smartphone or smart vehicle for upgrade. Because the ciphertext of the upgrade package is processed based on attribute encryption of the attribute set of the smart phone and the smart vehicle. Therefore, only the smart phone or smart vehicle that has the attribute key corresponding to the attribute set can correctly decrypt the upgrade package, that is, to assist its matched smart vehicle to upgrade the device through a legitimate smart phone. And, further, the upgrade package can be matched according to the characteristics of the attribute set, so it can be ensured that the smart vehicle can accurately download and upgrade the upgrade package that meets its needs.

可以理解的是，图1、图2和图3中的应用场景的只是本发明实施例中的几种示例性的实施方式，本发明实施例中的应用场景包括但不仅限于以上应用场景。本申请中的设备升级方法还可以应用于，例如，服务器管理不同型号的智能手机的批量系统升级、智能手机管理智能穿戴设备进行设备升级、智能医疗服务器管理智能医疗器械进行设备升级、工厂管控服务器管理智能机器的设备升级等场景，其它场景及举例将不再一一列举和赘述。It can be understood that the application scenarios in FIG. 1 , FIG. 2 , and FIG. 3 are only several exemplary implementations in the embodiments of the present invention, and the application scenarios in the embodiments of the present invention include but are not limited to the above application scenarios. The device upgrade method in the present application can also be applied to, for example, the server manages batch system upgrades of different types of smart phones, smart phones manage smart wearable devices for device upgrades, smart medical servers manage smart medical devices for device upgrades, factory control servers Scenarios such as device upgrades for managing smart machines, and other scenarios and examples will not be listed and described in detail.

结合上述应用场景，下面先对本发明实施例所基于的其中一种设备升级系统架构进行描述。请参见图4，图4是本发明实施例提供的一种设备升级系统架构示意图(简称为架构一)，对应上述场景二。本申请提供的设备升级方法可以应用于该系统架构。该系统架构中包含了升级服务器、智能车辆。其中，智能车辆包括车载控制设备和一个或多个待升级车载单元，车载控制设备可以包括车载信息服务单元(Telematics box，TBox)和车载主控制器(Primary Electronic Control Unit，ECU)，用于管理和辅助多个待升级车载单元的升级过程。一个或多个待升级车载单元可包括如图4中所示的人机界面(Human MachineInterface，HMI)、电池管理系统(Battery Manage System，BMS)、车载辅助ECU1(SecondaryECU1)、车载辅助ECU2(Secondary ECU2)等，可选的，还可以包括图4中未示出的车载自诊断系统II(the Second On-Board Diagnostics，OBDII)、高级驾驶辅助系统主控制器(Advanced Driving Assistant System Main Controller，ADAS Main Controller)、车辆控制器单元(Vehicle Controller Unit，VCU)、车身控制器(Body Controller)等车内部件。可选的，上述车内各个部件可由各种车内总线相连接。在上述系统架构下，智能车辆远程升级可以包括以下基本过程：升级包发布，升级包获取，升级包传输，升级与确认等。其中，In combination with the above application scenarios, one of the device upgrade system architectures on which the embodiments of the present invention are based will be described below. Referring to FIG. 4 , FIG. 4 is a schematic diagram of the architecture of a device upgrade system provided by an embodiment of the present invention (referred to asarchitecture 1 for short), which corresponds to the above-mentioned second scenario. The device upgrade method provided in this application can be applied to this system architecture. The system architecture includes upgrade servers and intelligent vehicles. Wherein, the intelligent vehicle includes an on-board control device and one or more on-board units to be upgraded. The on-board control device may include a telematics box (TBox) and an on-board main controller (Primary Electronic Control Unit, ECU) for managing And assist the upgrade process of multiple on-board units to be upgraded. One or more on-board units to be upgraded may include a human-machine interface (Human Machine Interface, HMI), a battery management system (Battery Management System, BMS), an on-board auxiliary ECU1 (Secondary ECU 1 ), and an on-board auxiliary ECU 2 (Secondary ECU 2 ) as shown in FIG. 4 . ECU2), etc., optionally, it can also include the on-board self-diagnosis system II (the Second On-Board Diagnostics, OBDII) not shown in FIG. 4 , the Advanced Driving Assistant System Main Controller (Advanced Driving Assistant System Main Controller, ADAS) Main Controller), vehicle controller unit (Vehicle Controller Unit, VCU), body controller (Body Controller) and other interior components. Optionally, the various components in the vehicle may be connected by various in-vehicle buses. Under the above system architecture, the remote upgrade of the intelligent vehicle may include the following basic processes: upgrade package release, upgrade package acquisition, upgrade package transmission, upgrade and confirmation, etc. in,

升级服务器，可以用于从开发者处获取未经过加密的车载升级包，该车载升级包可包括本申请中的目标升级包，可用于对应的待升级车载单元进行升级。可选的，升级服务器还用于生成升级服务器和智能车辆之间所使用的密钥，包括公钥、主密钥和多个属性密钥等。The upgrade server can be used to obtain an unencrypted on-board upgrade package from the developer. The on-board upgrade package can include the target upgrade package in this application, and can be used to upgrade the corresponding on-board unit to be upgraded. Optionally, the upgrade server is further configured to generate a key used between the upgrade server and the smart vehicle, including a public key, a master key, and multiple attribute keys.

车载控制设备中的TBox，负责对外通信，例如与终端设备、与升级服务器之间的通信等。在车辆进行远程升级时，可以与服务器交互获得密钥、升级包，以及将密钥、升级包传输给车载主控制器Primary ECU等。The TBox in the in-vehicle control device is responsible for external communication, such as communication with the terminal device and the upgrade server. When the vehicle is remotely upgraded, it can interact with the server to obtain the key and the upgrade package, and transmit the key and the upgrade package to the primary ECU of the vehicle main controller.

车载控制设备中的车载主控制器Primary ECU，负责与车载内的多个待升级车载单元进行通信，其主要功能是管理和辅助待升级车载单元的升级过程。具体来说，PrimaryECU可以具有如下功能：密钥获取及管理，例如，经由TBox从服务器处获取公钥、属性密钥(可选的，也可以获取主密钥，并生成属性密钥)等，并进行存储。升级包的获取与解密，例如，经由TBox从服务器处获取目标升级包密文，并根据其所存储的属性密钥对接收到的目标升级包密文进行解密，最终将解密后的目标升级包发送给对应的待升级车载单元进行升级。可选的，Primary ECU是逻辑实体，物理上可以部署任何功能强大的单元或模块上，例如TBox、Gateway、VCU上等。The on-board main controller Primary ECU in the on-board control device is responsible for communicating with multiple on-board units to be upgraded in the on-board vehicle, and its main function is to manage and assist the upgrade process of the on-board units to be upgraded. Specifically, PrimaryECU can have the following functions: key acquisition and management, for example, obtaining public key and attribute key from the server via TBox (optionally, the master key can also be obtained, and the attribute key can be generated), etc., and store it. Obtaining and decrypting the upgrade package, for example, obtain the target upgrade package ciphertext from the server via TBox, and decrypt the received target upgrade package ciphertext according to the stored attribute key, and finally decrypt the decrypted target upgrade package Send it to the corresponding on-board unit to be upgraded for upgrade. Optionally, the Primary ECU is a logical entity that can be physically deployed on any powerful unit or module, such as TBox, Gateway, VCU, etc.

如图5所示，图5为本发明实施例提供的另一种设备升级系统架构示意图(简称为架构二)，对应上述场景三。该系统架构中，还包括了终端设备，其中，As shown in FIG. 5 , FIG. 5 is a schematic diagram of another device upgrade system architecture (referred to as architecture 2 for short) according to an embodiment of the present invention, which corresponds to the foregoing scenario 3. The system architecture also includes terminal equipment, among which,

终端设备，可与升级服务器或者智能车辆之间进行通信，可负责完成升级请求的发送，以及根据自身的存储能力和计算能力参与到公钥、属性密钥的存储，或主密钥的存储、属性密钥的计算，以及目标升级包密文的获取和安全处理等过程，以实现计算扩展和安全强化。进一步地，终端设备还用于从资源扩展以及升级控制等角度，参与到智能车辆的安全升级过程中来。例如，根据自身的存储能力协助储存属性集合(如各个待升级车载单元软/固件信息，当前版本、大小、开发者等)，备份文件(如待升级车载单元软/固回滚版)与车机系统状况，以完成储存扩展。另外，终端设备还可以作为软/固件升级的远程控制console端(让用户选择是否升级、升级时间、单点或群组升级模式等)，以实现用户远程控制升级。The terminal device can communicate with the upgrade server or the smart vehicle, and can be responsible for completing the sending of upgrade requests, and participating in the storage of public keys, attribute keys, or the storage of master keys, according to its own storage and computing capabilities. The calculation of attribute keys, and the acquisition and security processing of the ciphertext of the target upgrade package are used to achieve calculation expansion and security enhancement. Further, the terminal device is also used to participate in the security upgrade process of the intelligent vehicle from the perspective of resource expansion and upgrade control. For example, according to its own storage capacity, it helps to store attribute sets (such as software/firmware information of each on-board unit to be upgraded, current version, size, developer, etc.), backup files (such as soft/solid rollback version of on-board unit to be upgraded) and car machine system status to complete storage expansion. In addition, the terminal device can also be used as a remote control console terminal for software/firmware upgrade (allowing users to choose whether to upgrade, upgrade time, single-point or group upgrade mode, etc.), so as to realize the user's remote control and upgrade.

基于上述对本发明实施例提供的架构一和架构二的描述，进一步对上述架构中所涉及的模块或设备的结构进行描述。其中，Based on the foregoing descriptions of the first and second architectures provided by the embodiments of the present invention, the structures of the modules or devices involved in the foregoing architectures are further described. in,

Primary ECU的结构可以如图6所示，图6是本发明实施例提供的一种Primary ECU的结构示意图。其中，Primary ECU可以包括处理器CPU以及相关的易失性存储器RAM和非易时性存储器ROM；用于存放密钥的安全存储，如从服务器处获取的公钥和一个或多个属性密钥，或者主密钥等；用于存储远程升级OTA管理程序的存储器，该OTA管理程序用于实现对升级过程的管理；用于通过CAN bus或其他车内网络与其他车载设备通信的网络接口。可以理解的是，如果Primary ECU实现在TBox上，它还需要有与外部网络通信的网络接口。即Primary ECU应有较强的计算能力和较多资源辅助车载设备完成远程升级，并被其他车载设备信任。从逻辑架构上划分，Primary ECU把该架构分为车外通信部分和车内通信部分。车内部分的各设备无需进行公钥密码操作而只需进行对称密码操作；如涉及公钥密钥操作，则代理给Primary ECU，以减少车载内待升级单元的计算量和计算复杂度。The structure of the Primary ECU may be shown in FIG. 6 , which is a schematic structural diagram of a Primary ECU provided by an embodiment of the present invention. Among them, Primary ECU may include processor CPU and related volatile memory RAM and non-volatile memory ROM; secure storage for storing keys, such as public key and one or more attribute keys obtained from the server , or master key, etc.; a memory for storing a remote upgrade OTA management program, which is used to manage the upgrade process; a network interface for communicating with other in-vehicle devices through CAN bus or other in-vehicle networks. Understandably, if the Primary ECU is implemented on the TBox, it also needs to have a network interface to communicate with the external network. That is, the Primary ECU should have strong computing power and more resources to assist the on-board equipment to complete the remote upgrade, and be trusted by other on-board equipment. Divided from the logical architecture, the Primary ECU divides the architecture into an external communication part and an in-vehicle communication part. The devices in the car do not need to perform public key cryptography operations, but only need to perform symmetric cryptography operations; if public key key operations are involved, they are delegated to the Primary ECU to reduce the amount of computation and computational complexity of the units to be upgraded in the car.

智能车辆中任意一个待升级车载单元的构成可以如图7所示，图7是本发明实施例提供的一种待升级车载单元的结构示意图。待升级车载单元可以包括微型控制器(Microcontrolller)，CAN控制器(CAN controller)和收发器(Transceiver)。其中，待升级车载单元通过收发器Transceiver与车内网络如CAN bus通信，CAN controller则用于实现CAN协议，微型控制器则用于实现待升级以及升级后的相关的计算处理。结合上述结构示意图，在本申请中，待升级车载单元基于车内网络如CAN bus，通过收发器(Transceiver)接收车载控制设备发送的解密后的目标升级包，并通过微型控制器(Micro Controlller)进行安全升级。The structure of any on-board unit to be upgraded in the smart vehicle may be as shown in FIG. 7 , which is a schematic structural diagram of an on-board unit to be upgraded according to an embodiment of the present invention. The on-board unit to be upgraded may include a Microcontroller, a CAN controller and a Transceiver. The on-board unit to be upgraded communicates with the in-vehicle network such as CAN bus through the transceiver Transceiver, the CAN controller is used to implement the CAN protocol, and the microcontroller is used to implement the to-be-upgraded and related calculation processing after the upgrade. In combination with the above-mentioned schematic structural diagram, in this application, the on-board unit to be upgraded is based on the in-vehicle network such as CAN bus, receives the decrypted target upgrade package sent by the on-board control device through the transceiver (Transceiver), and uses the microcontroller (Micro Controlller) to receive the decrypted target upgrade package. Perform security upgrades.

终端设备的构成可以参考图8，图8是本发明实施例提供的一种终端设备的结构示意图。该终端设备可包括处理器CPU以及相关的易失性存储器RAM和非易时性存储器ROM；其中，ROM可用于存储OTA管理程序、属性信息、属性密钥等；该OTA管理程序可用于实现对设备升级过程的管理；无线通信模块可用于与其它设备(包括智能车辆以及升级服务器等)进行通信；显示及输入外设用于为用户提供车载升级交互控制界面的显示及输入，如音频输入输出模块、按键或触摸输入模块以及显示器等。For the structure of the terminal device, reference may be made to FIG. 8 , which is a schematic structural diagram of a terminal device according to an embodiment of the present invention. The terminal device can include a processor CPU and related volatile memory RAM and non-volatile memory ROM; wherein, the ROM can be used to store the OTA management program, attribute information, attribute keys, etc.; the OTA management program can be used to realize the The management of the equipment upgrade process; the wireless communication module can be used to communicate with other equipment (including smart vehicles and upgrade servers, etc.); the display and input peripherals are used to provide users with the display and input of the vehicle upgrade interactive control interface, such as audio input and output modules, key or touch input modules and displays, etc.

可选的，上述架构一或架构二中还可以包括开发者，开发者在固件/软件发布的开发和测试升级程序后，将车载升级包交付给升级服务器，该交付的车载升级包需要经过数字签名。可选的，在经过数字签名之前，还可以对该车载升级包经过加密。若经过加密则上述系统架构还可以包括密钥服务器，用于提供开发者和升级服务器之间传输所使用的密钥。可以理解的是，图4和图5中的设备升级系统架构只是本发明实施例中的两种示例性的实施方式，本发明实施例中的设备升级系统架构包括但不仅限于以上设备升级系统架构。Optionally, the above-mentionedframework 1 or framework 2 may also include a developer, and the developer delivers the on-board upgrade package to the upgrade server after the firmware/software is released to develop and test the upgrade program, and the delivered on-board upgrade package needs to go through a digital sign. Optionally, before being digitally signed, the on-board upgrade package may also be encrypted. If encrypted, the above-mentioned system architecture may further include a key server, which is used to provide a key used for transmission between the developer and the upgrade server. It can be understood that the device upgrade system architectures in FIG. 4 and FIG. 5 are only two exemplary implementations in the embodiments of the present invention, and the device upgrade system architectures in the embodiments of the present invention include but are not limited to the above device upgrade system architectures. .

下面结合上述应用场景、系统架构以及本申请中提供的设备升级方法，以待升级设备为智能车辆/车载系统为例，对本申请中提出的技术问题进行具体分析和解决。In the following, the technical problems raised in this application are specifically analyzed and solved by taking the device to be upgraded as an intelligent vehicle/vehicle system as an example in combination with the above application scenarios, system architecture and the device upgrading method provided in this application.

请参见图9，图9是本发明实施例提供的一种设备升级方法的流程示意图，该设备升级方法可应用于上述系统架构一或系统架构二，且适用于上述图1、图2或图3中的任意一种应用场景。下面将结合附图9从服务器与待升级设备的交互侧进行描述，该方法可以包括以下步骤S901-步骤S903。Please refer to FIG. 9. FIG. 9 is a schematic flowchart of a device upgrading method provided by an embodiment of the present invention. The device upgrading method can be applied to the above-mentionedsystem architecture 1 or system architecture 2, and is applicable to the above-mentioned FIG. 1, FIG. 2 or FIG. 3 any of the application scenarios. The interaction side between the server and the device to be upgraded will be described below with reference to FIG. 9. The method may include the following steps S901-S903.

步骤S901：服务器根据待升级设备的属性集合生成针对所述待升级设备的访问策略。Step S901: The server generates an access policy for the device to be upgraded according to the attribute set of the device to be upgraded.

具体地，以下主要以智能车辆/车载系统升级的场景为例进行描述，即待升级设备可以为智能车辆/车载系统，服务器可以为原始设备制造商OEM(即车厂)的升级服务器。由于本发明实施例中，每个待升级设备都拥有一个反映自身身份和状态的属性集合(该属性集合为非空集合)，以及该属性集合对应的密钥集合。该属性集合可包括该待升级设备的一个或多个属性信息，该属性信息可以为用于表征该待升级设备的身份或者状态的信息，例如属性信息为车辆身份码、引擎号、车牌号码、车型流水号、车辆部件的硬件版本号和车辆部件的软件版本号中的一种或者多种。该属性集合用于后续服务器根据该属性集合进行升级包的处理，进而确保只有身份与状态均符合条件的待升级设备，才可以获得匹配的升级包。既避免了不满足条件的待升级设备非法获得升级包，也避免了不符合升级条件的待升级设备进行错误的下载或升级。相当于不同待升级设备或每一类待升级设备都可以有其个性化的特性及升级需求。在本发明实施例中，服务器需要根据待升级设备的属性集合生成针对该待升级设备的访问策略(access control policy)，也可称之为访问结构、访问控制策略等。也即是访问策略限定了获得目标升级包的前提条件，换句话说，访问策略定义了具备哪些属性信息的设备可以解密目标升级包，或者不具备哪些属性信息的设备无法解密目标升级包。可以理解为，该访问策略是针对目标升级包进行前提条件的设定，并且将该前提条件组合转换成访问策略，用于对目标升级包进行加密。例如，服务器根据属性集合生成针对待升级设备的访问策略具体包括：服务器根据属性集合确定目标升级包；服务器确定目标升级包对应的升级条件，并将升级条件组合后转换为访问策略。即服务器根据升级请求中的属性集合确定与该待升级设备匹配的目标升级包，并针对该目标升级包定义升级的前提条件，再将升级的前提条件经过组合转换后确定为访问策略，从而使得后续可以根据该访问策略对目标升级包进行加密，以实现对待升级设备的升级条件(例如身份、状态等)的强制力检测。Specifically, the following description mainly takes the scenario of smart vehicle/vehicle system upgrade as an example, that is, the device to be upgraded may be an intelligent vehicle/vehicle system, and the server may be an upgrade server of an original equipment manufacturer (ie, a car factory). Because in this embodiment of the present invention, each device to be upgraded has an attribute set reflecting its own identity and status (the attribute set is a non-empty set), and a key set corresponding to the attribute set. The attribute set may include one or more attribute information of the device to be upgraded, and the attribute information may be information used to characterize the identity or state of the device to be upgraded, for example, the attribute information is vehicle identification code, engine number, license plate number, One or more of the model serial number, the hardware version number of the vehicle component, and the software version number of the vehicle component. The attribute set is used for the subsequent server to process the upgrade package according to the attribute set, thereby ensuring that only the devices to be upgraded whose identity and status meet the conditions can obtain the matching upgrade package. It not only prevents the device to be upgraded that does not meet the conditions from illegally obtaining the upgrade package, but also prevents the device to be upgraded that does not meet the upgrade conditions from downloading or upgrading by mistake. Equivalent to different equipment to be upgraded or each type of equipment to be upgraded can have its own individual characteristics and upgrade requirements. In the embodiment of the present invention, the server needs to generate an access control policy (access control policy) for the device to be upgraded according to the attribute set of the device to be upgraded, which may also be referred to as an access structure, an access control policy, or the like. That is, the access policy defines the prerequisites for obtaining the target upgrade package. In other words, the access policy defines which attribute information devices can decrypt the target upgrade package, or devices without which attribute information cannot decrypt the target upgrade package. It can be understood that the access policy is to set preconditions for the target upgrade package, and the combination of preconditions is converted into an access policy for encrypting the target upgrade package. For example, generating the access policy for the device to be upgraded by the server according to the attribute set specifically includes: the server determines the target upgrade package according to the attribute set; the server determines the upgrade conditions corresponding to the target upgrade package, and converts the combination of the upgrade conditions into the access policy. That is, the server determines the target upgrade package that matches the device to be upgraded according to the attribute set in the upgrade request, defines the upgrade prerequisites for the target upgrade package, and then determines the upgrade prerequisites as the access policy after combining and transforming them, so that the Subsequently, the target upgrade package can be encrypted according to the access policy, so as to implement the mandatory force detection of upgrade conditions (eg, identity, status, etc.) of the device to be upgraded.

例如，当待升级设备的属性集合包括智能车辆的身份码1234、车型流水号12345、引擎号1234567、TBox的软件版本号V1、人机界面HMI软件版本号V3、电池管理系统BMS软件版本V2”。服务器通过属性集合中的车辆的身份码1234确定该车辆为合法的智能车辆，然后基于车型流水号12345获取该型号智能车辆当前对应的最新软件版本，经过比较，发现该车型当前对应的最新版本为TBox的软件版本号V2、人机界面HMI软件版本号V3、电池管理系统BMS软件版本V2，因此确定该智能车辆需要更新的升级包为将TBox的软件版本从V1更新到V2。因此，服务器根据该属性集合生成的访问策略可以为“引擎号码为1234567并且TBox的软件版本号为V1”，也即是强制限定只有满足引擎号码为1234567且TBox的软件版本号为V1的智能车辆才能进行解密，或者，该访问策略也可以为“车型流水号12345并且TBox的软件版本号为V1”，也即是限定车型为12345类型且TBox的软件版本号为V1的一类智能车辆，均可以进行解密。总之，服务器根据待升级设备的属性集合生成的访问策略，可以是只针对该待升级设备的，也可以是针对包括该待升级设备在内的某一个类型的待升级设备。且其具体生成的访问策略的规则依据实际的升级场景以及升级规则不同而不同，本发明实施例对如何根据属性集合生成对应的访问策略不作具体限定。For example, when the attribute set of the device to be upgraded includes the identity code 1234 of the smart vehicle, the model serial number 12345, the engine number 1234567, the software version number V1 of the TBox, the HMI software version number V3, and the battery management system BMS software version V2” .The server determines that the vehicle is a legal smart vehicle through the identity code 1234 of the vehicle in the attribute set, and then obtains the latest software version currently corresponding to the smart vehicle of this model based on the model serial number 12345. After comparison, it is found that the current version corresponding to the model is the latest version. It is the software version number V2 of TBox, the HMI software version number V3, and the BMS software version V2 of the battery management system. Therefore, it is determined that the upgrade package that the intelligent vehicle needs to be updated is to update the software version of the TBox from V1 to V2. Therefore, the server The access policy generated according to the attribute set can be "the engine number is 1234567 and the software version number of the TBox is V1", that is, only the intelligent vehicle that meets the engine number is 1234567 and the software version number of the TBox is V1 can be decrypted , or, the access policy can also be "model serial number 12345 and TBox software version number is V1", that is, a class of smart vehicles whose vehicle model is limited to 12345 type and TBox software version number is V1, can be decrypted In short, the access policy generated by the server according to the attribute set of the device to be upgraded can be only for the device to be upgraded, or it can be for a certain type of device to be upgraded including the device to be upgraded. And its specific generation The rules of the access policy vary according to the actual upgrade scenario and the upgrade rules, and the embodiment of the present invention does not specifically limit how to generate the corresponding access policy according to the attribute set.

可选的，属性集合中可以包含静态属性信息或动态属性信息，静态属性信息包含智能车辆身份码、引擎编号、生产序号等随着时间不会变化的信息；动态属性信息包含智能车辆的部件的生产序号、部件的身份码、部件所使用的硬件版本、软件版本等随着时间可能会有变化的信息。例如，当如智能车辆需要进行电池管理系统BMS的升级时，则该属性集合可以为包括该智能车辆的静态属性信息：身份码、车型流水号、电池管理系统BMS的硬件版本号，以及动态属性信息：BMS的软件版本号。Optionally, the attribute set may include static attribute information or dynamic attribute information. The static attribute information includes information that will not change over time, such as the ID code of the intelligent vehicle, engine number, and production serial number; the dynamic attribute information includes the information of the components of the intelligent vehicle. The production serial number, the identification code of the part, the hardware version and software version used by the part may change over time. For example, when an intelligent vehicle needs to upgrade the BMS of the battery management system, the attribute set may include static attribute information of the intelligent vehicle: identity code, model serial number, hardware version number of the BMS of the battery management system, and dynamic attributes Information: The software version number of the BMS.

在一种可能的实现方式中，服务器在生成访问策略之前通过获取包括待升级设备的属性集合的升级请求，来确定上述待升级设备的属性集合。例如，升级请求可以为针对智能车辆/车载系统中的一个或多个待升级车载单元(例如人机界面HMI、电池管理系统BMS、电子控制单元等)的升级请求。即可以通过在待升级设备的升级请求中携带该待升级设备的属性集合(包含该设备的一个或多个属性信息)的方式，使得服务器获知该待升级设备的属性集合。可选的，也可以通过服务器预存储的待升级设备的属性集合或者通过其他途径获得的待升级设备的属性集合进行访问策略的生成。也即是该属性集合可以是待升级设备或者是其他设备发送给服务器的，也可以是服务器预先存储的(例如大数据存储、大数据分析等)，本发明实施例对此不作具体限定。In a possible implementation manner, the server determines the attribute set of the device to be upgraded above by acquiring an upgrade request including the attribute set of the device to be upgraded before generating the access policy. For example, the upgrade request may be an upgrade request for one or more on-board units to be upgraded in the intelligent vehicle/vehicle system (eg, human-machine interface HMI, battery management system BMS, electronic control unit, etc.). That is, the server can learn the attribute set of the device to be upgraded by carrying the attribute set of the device to be upgraded (including one or more attribute information of the device) in the upgrade request of the device to be upgraded. Optionally, the generation of the access policy may also be performed through the attribute set of the device to be upgraded pre-stored by the server or the attribute set of the device to be upgraded obtained through other means. That is, the attribute set may be sent to the server by the device to be upgraded or other devices, or may be pre-stored by the server (eg, big data storage, big data analysis, etc.), which is not specifically limited in this embodiment of the present invention.

在一种可能的实现方式中，属性集合包括一个或多个属性信息；服务器获取待升级设备的升级请求之前还包括：服务器生成公钥和主密钥，主密钥为公钥对应的私钥；服务器根据主密钥以及一个或多个属性信息，生成一个或多个属性密钥；服务器将一个或多个属性密钥发送至待升级设备进行预存储；其中，一个或多个属性密钥用于待升级设备对目标升级包密文进行解密以获得目标升级包。本发明实施例中，服务器在初始阶段需要生成针对该待升级设备后续安全升级过程中所要使用到的公钥、主密钥(与公钥对应的私钥)以及对应的属性密钥，并且将属性密钥发送给拥有对应属性信息的待升级设备，以保证后续的基于密文策略属性加密算法的设备安全升级过程。例如，原车厂OEM的服务器需要在前期预先生成本发明实施例所基于的属性加密算法中的相关密钥，以及将相关密钥分发给对应的待升级设备。即定义待升级设备的相关属性信息以及对应的属性密钥。具体地，车厂的服务器使用setup算法生成公钥pk_c与主密钥mr_c，该公钥pk_c与主密钥mr_c为一对公私钥对。再使用pk_c与mr_c生成待升级设备的各种不同属性信息对应的属性密钥ar_c；并且将属性密钥预置于相应的智能车辆内部。In a possible implementation manner, the attribute set includes one or more attribute information; before the server obtains the upgrade request of the device to be upgraded, it further includes: the server generates a public key and a master key, and the master key is a private key corresponding to the public key ; The server generates one or more attribute keys according to the master key and one or more attribute information; the server sends one or more attribute keys to the device to be upgraded for pre-storage; wherein, one or more attribute keys It is used for the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package. In the embodiment of the present invention, the server needs to generate the public key, the master key (the private key corresponding to the public key) and the corresponding attribute key to be used in the subsequent security upgrade process of the device to be upgraded in the initial stage, and the The attribute key is sent to the device to be upgraded that has the corresponding attribute information, so as to ensure the subsequent security upgrade process of the device based on the ciphertext policy attribute encryption algorithm. For example, the server of the original car manufacturer OEM needs to generate the relevant key in the attribute encryption algorithm based on the embodiment of the present invention in advance, and distribute the relevant key to the corresponding device to be upgraded. That is, the related attribute information of the device to be upgraded and the corresponding attribute key are defined. Specifically, the server of the depot uses the setup algorithm to generate the public key pk_c and the master key mr_c, and the public key pk_c and the master key mr_c are a pair of public and private keys. Then use pk_c and mr_c to generate attribute keys ar_c corresponding to various attribute information of the device to be upgraded; and preset the attribute keys inside the corresponding intelligent vehicle.

在一种可能的实现方式中，服务器还预先生成公钥和主密钥，主密钥为公钥对应的私钥；服务器将公钥和主密钥发送至待升级设备上进行预存储，该主密钥可用于待升级设备在待升级设备的本地，根据满足访问策略中升级条件的属性信息生成对应的属性密钥，进而获得对应的目标升级包。本方法实施例中，服务器将公钥和主密钥均发送给待升级设备，用于待升级设备在待升级设备的本地，根据满足访问策略中升级条件的属性信息生成对应的属性密钥，进而获得对应的目标升级包。可适用于待升级设备的属性信息变化大的情形，例如，智能车辆为共享车辆，其对应的用户信息或者账户信息等经常变动，导致经常需要不同的属性密钥才能为不同的用户提供设备升级服务等。In a possible implementation manner, the server also generates a public key and a master key in advance, and the master key is a private key corresponding to the public key; the server sends the public key and master key to the device to be upgraded for pre-storage, and the master key is the private key corresponding to the public key. The master key can be used by the device to be upgraded locally to generate the corresponding attribute key according to the attribute information that satisfies the upgrade condition in the access policy, and then obtain the corresponding target upgrade package. In this embodiment of the method, the server sends both the public key and the master key to the device to be upgraded, so that the device to be upgraded locally generates the corresponding attribute key according to the attribute information that satisfies the upgrade conditions in the access policy, Then obtain the corresponding target upgrade package. It can be applied to the situation where the attribute information of the device to be upgraded changes greatly. For example, the intelligent vehicle is a shared vehicle, and its corresponding user information or account information changes frequently, which often requires different attribute keys to provide device upgrades for different users. service etc.

可选的，上述升级请求经过所述公钥pk_c的加密；服务器在接收到待升级设备的升级请求后，还根据所述公钥对应的私钥即主密钥mr_c对升级请求进行解密。也即是服务器在将一个或多个属性密钥发送至待升级设备上进行预存储时，还将所述公钥发送至所述待升级设备上，以用于所述待升级设备进行升级请求的加密。本发明实施例中，升级请求本身还可以经过公钥的加密，从而使得服务器可以使用主密钥对升级请求进行解密，以保证升级请求传输的安全性；且可进一步基于解密后的升级请求，以确定该待升级设备的是否有可用的目标升级包，以确保升级的准确性。进一步地，服务器根据解密后的升级请求，核对车辆的身份与属性，判断当前是否有可用的目标升级包(若判断出当前没有可用升级包，也可以向待升级设备指示当前无需进行升级)，该目标升级包可以是对于智能车辆内的一个或多个不同待升级车载单元的升级文件的组合。Optionally, the above upgrade request is encrypted by the public key pk_c; after receiving the upgrade request of the device to be upgraded, the server also decrypts the upgrade request according to the private key corresponding to the public key, that is, the master key mr_c. That is, when the server sends one or more attribute keys to the device to be upgraded for pre-storage, it also sends the public key to the device to be upgraded, so that the device to be upgraded can perform an upgrade request. encryption. In this embodiment of the present invention, the upgrade request itself can also be encrypted by the public key, so that the server can use the master key to decrypt the upgrade request to ensure the security of the upgrade request transmission; and further based on the decrypted upgrade request, To determine whether there is a target upgrade package available for the device to be upgraded, so as to ensure the accuracy of the upgrade. Further, the server checks the identity and attributes of the vehicle according to the decrypted upgrade request, and determines whether there is currently an available target upgrade package (if it is determined that there is currently no available upgrade package, it can also indicate to the device to be upgraded that no upgrade is currently required), The target upgrade package may be a combination of upgrade files for one or more different on-board units to be upgraded in the smart vehicle.

步骤S903：所述服务器基于属性加密算法，根据所述访问策略对目标升级包进行加密，生成目标升级包密文。Step S903: The server encrypts the target upgrade package according to the access policy based on the attribute encryption algorithm, and generates the ciphertext of the target upgrade package.

具体地，服务器基于属性加密算法，输入目标升级包、以及步骤S903中的访问策略，可选的还输入服务器生成的公钥，最终输出该目标升级包的密文即目标升级包密文。待升级设备能够解密该目标升级包密文，当且仅当该待升级设备对应的属性信息(体现在是否拥有对应的属性密钥)满足在该目标升级包密文中部署的访问策略才行。其中，目标升级包可以为智能车辆中任意一个或多个待升级车载单元的系统升级文件、系统补丁或系统同步信息等，用于为对应的待升级车载单元提供系统升级、维护或更新等服务。本发明实施例基于密文策略的属性加密算法(ciphertext policy attribute based encryption，CP-ABE)，在公钥加密体制中引入访问策略，以此部署目标升级包的访问控制策略。与传统的公钥加密体制(如基于身份的加密IBE)，本发明实施例不再将待升级设备的身份作为唯一识别信息，而是根据多个属性(即属性集合)来标识待升级设备，增强了描述性，实现了一个具有强制力、且可满足多种前提条件(即可基于升级请求中的属性集合灵活变化)检测的设备升级方案。在保障升级包机密性与完整性的前提下，能够提供具有强制力的待升级设备的身份与状态的前提条件检测。Specifically, the server inputs the target upgrade package and the access policy in step S903 based on the attribute encryption algorithm, optionally also inputs the public key generated by the server, and finally outputs the ciphertext of the target upgrade package, that is, the target upgrade package ciphertext. The device to be upgraded can decrypt the ciphertext of the target upgrade package if and only if the attribute information corresponding to the device to be upgraded (reflected in whether it has the corresponding attribute key) satisfies the access policy deployed in the ciphertext of the target upgrade package. The target upgrade package can be the system upgrade file, system patch or system synchronization information of any one or more on-board units to be upgraded in the smart vehicle, which are used to provide system upgrade, maintenance or update services for the corresponding on-board units to be upgraded. . The embodiment of the present invention introduces an access policy into a public key encryption system based on a ciphertext policy attribute based encryption (CP-ABE) algorithm, thereby deploying the access control policy of the target upgrade package. Unlike traditional public key encryption systems (such as identity-based encryption IBE), the embodiment of the present invention no longer uses the identity of the device to be upgraded as unique identification information, but identifies the device to be upgraded according to multiple attributes (ie, attribute sets), The descriptiveness is enhanced, and a device upgrade scheme that is enforceable and can satisfy various preconditions (that is, can be detected flexibly based on the attribute set in the upgrade request) is implemented. On the premise of ensuring the confidentiality and integrity of the upgrade package, it can provide a mandatory precondition detection of the identity and status of the device to be upgraded.

步骤S904：所述服务器将所述目标升级包密文发送至所述待升级设备，所述目标升级包密文用于所述待升级设备根据所述属性集合对应的一个或多个属性密钥进行解密，以获得所述目标升级包。Step S904: the server sends the ciphertext of the target upgrade package to the device to be upgraded, and the ciphertext of the target upgrade package is used for the device to be upgraded according to one or more attribute keys corresponding to the attribute set Decryption is performed to obtain the target upgrade package.

具体地，服务器将目标升级包密文发送至待升级设备，待升级设备接收到该目标升级包密文后，根据其属性集合中与上述访问策略匹配的属性密钥，对目标升级包密文进行解密，以获得目标升级包的明文，并最终根据该目标升级包进行升级。也即是只有拥有符合访问策略中的前提条件的属性信息(也即拥有匹配的属性密钥)的待升级设备才能够解密获得目标升级包。在本发明实施例中，由于服务器和待升级设备之间预先协商好了相关的公钥、主密钥以及属性密钥，并将公钥和属性密钥分发给了具有对应属性信息的待升级设备。因此，经过上述步骤S901-步骤S904的流程后，不仅可以保证目标升级包来源的合法性、传输的机密性和完整性，并且可以实现具有强制力的设备身份与状态的前提条件检测的升级过程，即可满足多种前提条件检测的设备升级方案。本发明实施例应用在车载设备升级场景中时，可以保证车辆升级的安全性以及准确性。Specifically, the server sends the ciphertext of the target upgrade package to the device to be upgraded, and after the device to be upgraded receives the ciphertext of the target upgrade package, according to the attribute key in the attribute set that matches the above access policy, the ciphertext of the target upgrade package is updated. Decryption is performed to obtain the plaintext of the target upgrade package, and finally the upgrade is performed according to the target upgrade package. That is, only the device to be upgraded that has attribute information that meets the preconditions in the access policy (that is, has the matching attribute key) can decrypt to obtain the target upgrade package. In the embodiment of the present invention, since the server and the device to be upgraded have negotiated the relevant public key, master key and attribute key in advance, and distributed the public key and attribute key to the device to be upgraded with the corresponding attribute information equipment. Therefore, after the above-mentioned steps S901-S904, not only the legitimacy of the source of the target upgrade package, the confidentiality and integrity of the transmission can be guaranteed, but also the upgrade process of the precondition detection with mandatory device identity and status can be realized. , an equipment upgrade solution that can meet various preconditions detection. When the embodiments of the present invention are applied in a vehicle-mounted device upgrade scenario, the safety and accuracy of the vehicle upgrade can be guaranteed.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；所述目标升级包包括所述属性集合中至少一个属性信息对应的更新后的属性密钥。本发明实施例中，由于属性密钥可能会存在更新或变更的情况，因此，服务器还可以通过在目标升级包中携带最新的属性密钥，使得满足属性信息条件的待升级设备可以根据最新的属性密钥进行升级包的解密，避免需要通过其他额外流程将更新后的属性密钥的发送给待升级设备。In a possible implementation manner, the attribute set includes one or more attribute information; the target upgrade package includes an updated attribute key corresponding to at least one attribute information in the attribute set. In the embodiment of the present invention, since the attribute key may be updated or changed, the server can also carry the latest attribute key in the target upgrade package, so that the device to be upgraded that meets the attribute information condition can be upgraded according to the latest attribute key. The attribute key is used to decrypt the upgrade package, avoiding the need to send the updated attribute key to the device to be upgraded through other additional processes.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；其中，至少一个所述属性信息相同的不同待升级设备对应相同的所述公钥和对应的主密钥。本发明实施例中，服务器针对具有相同的某一种或者某几种属性信息的不同待升级设备，使用相同的公钥以及对应的主密钥，可以降低服务器上的存储量以及计算量，提升升级效率。例如具有相同型号的车辆，可以采用相同的公钥和主密钥。In a possible implementation manner, the attribute set includes one or more attribute information; wherein, at least one different device to be upgraded with the same attribute information corresponds to the same public key and corresponding master key. In this embodiment of the present invention, the server uses the same public key and corresponding master key for different devices to be upgraded that have the same attribute information of one or several types, which can reduce the amount of storage and calculation on the server, and improve the Upgrade efficiency. For example, vehicles with the same model can use the same public key and master key.

本发明实施例中，将密文策略属性加密算法(CP-ABE)具体应用到设备升级场景中，通过在待升级设备的升级请求中携带该待升级设备的属性集合(包含该设备的一个或多个属性信息)，使得服务器可根据该升级请求中的属性集合，生成对应的访问策略，并根据该访问策略对待升级设备的升级包进行加密，最终生成只有满足访问策略中所设置的前提条件(即拥有匹配的属性信息所对应的属性密钥)的设备才可以正确解密获得升级包，实现了升级条件的强制检测以及升级包细粒度的访问控制，即非法设备或者不满足升级条件的设备由于没有匹配的属性信息对应的属性密钥，则无法获得或解密该升级包，保证了设备升级过程的安全性以及准确性。In the embodiment of the present invention, the ciphertext policy attribute encryption algorithm (CP-ABE) is specifically applied to the device upgrade scenario, by carrying the attribute set of the device to be upgraded (including one or more of the device to be upgraded) in the upgrade request of the device to be upgraded. multiple attribute information), so that the server can generate a corresponding access policy according to the attribute set in the upgrade request, and encrypt the upgrade package of the device to be upgraded according to the access policy, and finally generate only the preconditions set in the access policy. (that is, the device that has the attribute key corresponding to the matching attribute information) can correctly decrypt and obtain the upgrade package, which realizes the mandatory detection of the upgrade conditions and the fine-grained access control of the upgrade package, that is, illegal devices or devices that do not meet the upgrade conditions. Since there is no attribute key corresponding to the matching attribute information, the upgrade package cannot be obtained or decrypted, which ensures the security and accuracy of the device upgrade process.

需要说明的是，虽然上述实施例主要以智能车辆/车载系统升级的场景为例进行描述，但并不代表本申请中的设备升级方法只能应用于以上车载设备的升级场景，如前述，本申请中的设备升级方法还可以应用于，例如服务器管理智能家电进行升级、服务器管理虚拟机进行系统升级、服务器管理终端批量系统升级、智能手机管理智能穿戴设备进行设备升级等等，其它场景及举例将不再一一列举和赘述。It should be noted that although the above-mentioned embodiments are mainly described by taking the scenario of upgrading the intelligent vehicle/vehicle system as an example, it does not mean that the equipment upgrading method in this application can only be applied to the above scene of upgrading the vehicle-mounted equipment. The device upgrade method in the application can also be applied to, for example, the server manages smart home appliances for upgrade, the server manages virtual machines for system upgrade, the server manages terminal batch system upgrade, the smart phone manages smart wearable devices for device upgrade, etc. Other scenarios and examples They will not be listed and repeated.

请参见图10，图10是本发明实施例提供的另一种设备升级方法的流程示意图，该设备升级方法可应用于上述系统架构一，且适用于上述图1、图2中的任意一种应用场景。下面将结合附图10从服务器和待升级设备的交互侧进行描述，该方法实施例可以包括以下步骤S1001-步骤S1011，其中包括步骤S1004-A-步骤S1007-A。Please refer to FIG. 10. FIG. 10 is a schematic flowchart of another device upgrade method provided by an embodiment of the present invention. The device upgrade method can be applied to the above-mentionedsystem architecture 1, and is applicable to any one of the above-mentioned FIGS. 1 and 2. application scenarios. The interaction side between the server and the device to be upgraded will be described below with reference to FIG. 10. This method embodiment may include the following steps S1001-S1011, including steps S1004-A-S1007-A.

S1001：服务器生成公钥和主密钥，主密钥为公钥对应的私钥。S1001: The server generates a public key and a master key, and the master key is a private key corresponding to the public key.

S1002：服务器根据主密钥以及一个或多个属性信息，生成一个或多个属性密钥。S1002: The server generates one or more attribute keys according to the master key and one or more attribute information.

S1003：服务器将一个或多个属性密钥发送至待升级设备进行预存储；其中，一个或多个属性密钥用于待升级设备对目标升级包密文进行解密以获得目标升级包。S1003: The server sends one or more attribute keys to the device to be upgraded for pre-storage; wherein the one or more attribute keys are used by the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package.

S1004-A：待升级设备获取待升级设备的属性集合对应的一个或多个属性密钥。S1004-A: The device to be upgraded acquires one or more attribute keys corresponding to the attribute set of the device to be upgraded.

S1005-A：待升级设备向服务器发送升级请求，服务器接收待升级设备发送的升级请求，升级请求包括待升级设备的属性集合，属性集合包括待升级设备的一个或多个属性信息。S1005-A: The device to be upgraded sends an upgrade request to the server, and the server receives the upgrade request sent by the device to be upgraded. The upgrade request includes an attribute set of the device to be upgraded, and the attribute set includes one or more attribute information of the device to be upgraded.

S1006-A：服务器对待升级设备的身份信息进行验证。S1006-A: The server verifies the identity information of the device to be upgraded.

S1007-A：若验证通过，服务器根据待升级设备的一个或多个属性信息，确定待升级设备需要升级的一个或多个升级文件，目标升级包包括一个或多个升级文件。S1007-A: If the verification is passed, the server determines one or more upgrade files that need to be upgraded for the device to be upgraded according to one or more attribute information of the device to be upgraded, and the target upgrade package includes one or more upgrade files.

可替换地，上述步骤S1004-A-步骤S1007-A可以替换为下面的步骤S1004-B-步骤S1004-B。请参见图11，图11是本发明实施例提供的又一种设备升级方法的流程示意图，该设备升级方法可应用于上述系统架构二，且适用于上述图1、图3中的任意一种应用场景。该方法实施例可以包括以下步骤S1001-步骤S1011，其中包括如下步骤S1004-B-步骤S1007-B。Alternatively, the above steps S1004-A-step S1007-A may be replaced by the following steps S1004-B-step S1004-B. Please refer to FIG. 11. FIG. 11 is a schematic flowchart of another device upgrade method provided by an embodiment of the present invention. The device upgrade method can be applied to the above-mentioned system architecture 2, and is applicable to any one of the above-mentioned FIGS. 1 and 3. application scenarios. This method embodiment may include the following steps S1001-S1011, which include the following steps S1004-B-S1007-B.

S1004-B：待升级设备获取终端设备的一个或多个属性信息对应的属性密钥，以及待升级设备的一个或多个属性信息对应属性密钥。S1004-B: The device to be upgraded acquires an attribute key corresponding to one or more attribute information of the terminal device, and an attribute key corresponding to one or more attribute information of the device to be upgraded.

S1005-B：终端设备向服务器发送待升级设备的升级请求，服务器接收终端设备发送的待升级设备的升级请求，升级请求包括待升级设备的属性集合，属性集合包括终端设备的一个或多个属性信息以及待升级设备的一个或多个属性信息；S1005-B: The terminal device sends an upgrade request of the device to be upgraded to the server, and the server receives the upgrade request of the device to be upgraded sent by the terminal device. The upgrade request includes an attribute set of the device to be upgraded, and the attribute set includes one or more attributes of the terminal device information and one or more attribute information of the device to be upgraded;

S1006-B：服务器对终端设备的身份信息和终端设备待升级设备的身份信息分别进行验证；S1006-B: The server verifies the identity information of the terminal device and the identity information of the terminal device to be upgraded respectively;

S1007-B：若均验证通过，服务器根据终端设备的一个或多个属性信息以及待升级设备的一个或多个属性信息，确定待升级设备需要升级的一个或多个升级文件，目标升级包包括一个或多个升级文件。S1007-B: If all verifications pass, the server determines one or more upgrade files that need to be upgraded for the device to be upgraded according to one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded, and the target upgrade package includes One or more upgrade files.

S1008：服务器根据属性集合生成针对待升级设备的访问策略。S1008: The server generates an access policy for the device to be upgraded according to the attribute set.

S1009：服务器基于属性加密算法，根据访问策略对目标升级包进行加密，生成目标升级包密文。S1009: Based on the attribute encryption algorithm, the server encrypts the target upgrade package according to the access policy, and generates the ciphertext of the target upgrade package.

S1010：服务器将目标升级包密文发送至待升级设备。待升级设备接收服务器发送的目标升级包密文；S1010: The server sends the ciphertext of the target upgrade package to the device to be upgraded. The device to be upgraded receives the ciphertext of the target upgrade package sent by the server;

S1011：待升级设备根据一个或多个属性密钥对目标升级包密文进行解密，获得目标升级包。S1011: The device to be upgraded decrypts the ciphertext of the target upgrade package according to one or more attribute keys to obtain the target upgrade package.

具体地，以下主要以智能车辆/车载系统升级的场景为例进行描述，即待升级设备可以为智能车辆/车载系统。升级请求可以为针对智能车辆/车载系统中的一个或多个待升级车载单元(例如人机界面HMI、电池管理系统BMS、电子控制单元等)的升级请求。Specifically, the following description mainly takes the scenario of smart vehicle/vehicle system upgrade as an example, that is, the device to be upgraded may be an intelligent vehicle/vehicle system. The upgrade request may be an upgrade request for one or more on-board units to be upgraded in the intelligent vehicle/vehicle system (eg, human-machine interface HMI, battery management system BMS, electronic control unit, etc.).

在上述步骤S1001-步骤S1003中，服务器生成公钥和主密钥，主密钥为公钥对应的私钥；服务器根据主密钥以及一个或多个属性信息，生成一个或多个属性密钥；服务器将一个或多个属性密钥发送至待升级设备进行预存储；其中，一个或多个属性密钥用于待升级设备对目标升级包密文进行解密以获得目标升级包。也即是服务器在初始阶段需要生成针对该待升级设备后续安全升级过程中所要使用到的公钥、主密钥(与公钥对应的私钥)以及对应的属性密钥，并且将属性密钥发送给拥有对应属性信息的待升级设备，以保证后续的基于密文策略属性加密算法的设备安全升级过程。需要说明的是，若对应图11中所述的实施例，则该一个或多个属性密钥中还包括终端设备的属性信息所对应的属性密钥，也即是后续生成访问策略时，需要基于终端设备的属性信息以及待升级设备的属性信息生成。对应的，服务器接收的升级请求中包括的属性集合包括也包括终端设备的一个或多个属性信息。In the above steps S1001-S1003, the server generates a public key and a master key, and the master key is a private key corresponding to the public key; the server generates one or more attribute keys according to the master key and one or more attribute information ; The server sends one or more attribute keys to the device to be upgraded for pre-storage; wherein, the one or more attribute keys are used by the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package. That is, in the initial stage, the server needs to generate the public key, the master key (the private key corresponding to the public key) and the corresponding attribute key to be used in the subsequent security upgrade process of the device to be upgraded, and the attribute key needs to be generated. It is sent to the device to be upgraded that has the corresponding attribute information to ensure the subsequent security upgrade process of the device based on the ciphertext policy attribute encryption algorithm. It should be noted that, if it corresponds to the embodiment described in FIG. 11 , the one or more attribute keys also include the attribute key corresponding to the attribute information of the terminal device, that is, when the access policy is subsequently generated, it needs to be It is generated based on the attribute information of the terminal device and the attribute information of the device to be upgraded. Correspondingly, the attribute set included in the upgrade request received by the server includes one or more attribute information of the terminal device.

在上述步骤S1004-A-步骤S1007-A中，通过待升级设备自身向服务器发送升级请求，且该升级请求中携带了该待升级设备的一个或者多个属性信息。例如，待升级车辆向服务器发送携带有自身的车辆身份码、引擎号、车牌号码、车型流水号、车辆部件的硬件版本号和车辆部件的软件版本号等属性信息的升级请求。属性集合包括待升级设备的一个或多个属性信息。目标升级包包括该待升级设备的一个或多个升级文件(例如智能车辆中的多个待升级车载单元分别对应的升级文件)。进一步地，服务器在获取待升级设备的升级请求后，先对该升级请求做身份验证，若身份验证通过后，则表明该待升级设备的身份是合法的。进一步地，服务器可以根据升级请求中的待升级设备的属性信息确定对应的目标升级包，例如，根据属性集合中的硬件版本号和软件版本号确定智能车辆当前需要更行的升级文件。由于，升级包是服务器根据该待升级设备的属性信息确定的，因此可以确保待升级设备可以下载其所精确需要、以及符合条件的升级包，避免升级包不符合待升级设备的属性要求。同时，也可以避免不符合该属性信息的待升级设备非法获得升级包，进一步保证了设备升级过程的安全性以及准确性。In the above steps S1004-A to S1007-A, an upgrade request is sent to the server through the device to be upgraded itself, and the upgrade request carries one or more attribute information of the device to be upgraded. For example, the vehicle to be upgraded sends an upgrade request to the server that carries attribute information such as its own vehicle identity code, engine number, license plate number, model serial number, hardware version number of vehicle components, and software version number of vehicle components. The attribute set includes one or more attribute information of the device to be upgraded. The target upgrade package includes one or more upgrade files of the device to be upgraded (for example, upgrade files corresponding to multiple on-board units to be upgraded in the smart vehicle). Further, after acquiring the upgrade request of the device to be upgraded, the server first performs identity verification on the upgrade request, and if the identity verification is passed, it indicates that the identity of the device to be upgraded is legal. Further, the server can determine the corresponding target upgrade package according to the attribute information of the device to be upgraded in the upgrade request, for example, according to the hardware version number and software version number in the attribute set to determine the upgrade file that the smart vehicle currently needs to update. Because the upgrade package is determined by the server according to the attribute information of the device to be upgraded, it can ensure that the device to be upgraded can download the upgrade package that it needs exactly and meets the conditions, and avoids that the upgrade package does not meet the attribute requirements of the device to be upgraded. At the same time, the device to be upgraded that does not conform to the attribute information can also be prevented from illegally obtaining the upgrade package, thereby further ensuring the safety and accuracy of the device upgrade process.

可选的，在上述步骤S1001-B-步骤S1003-B中，通过与待升级设备绑定的终端设备向服务器发送升级请求，此时该升级请求中携带了该终端设备的一个或多个属性信息以及该待升级设备自身的一个或者多个属性信息。可选的，在终端设备向服务器发送升级请求之前，还获取终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。例如，与智能车辆绑定的智能手机向服务器发送携带有自身的手机号、手机识别码和手机的软件版本信息，以及携带有待升级车辆的车辆身份码、引擎号、车牌号码、车型流水号、车辆部件的硬件版本号和车辆部件的软件版本号等属性信息的升级请求。而服务器在获取待升级设备的升级请求后，先对终端设备和待升级设备共同做身份验证，若身份验证均通过后，则表明该请求的终端设备是合法的，且其请求进行设备升级的待升级设备也是合法的。且由于升级包是服务器根据终端设备和待升级设备的属性信息共同确定的，因此可以确保只有终端设备的属性信息，以及与其绑定的待升级设备的属性信息均符合访问策略中升级条件的情况下，该待升级设备才可以进行安全升级，提供了具有强制力的终端设备和待升级设备的身份与状态的前提条件检测，保证了设备升级过程的安全性以及准确性，避免非法设备或不符合条件的待升级设备非法获得升级包。在一种可能的实现方式中，所述终端设备为智能手机；所述属性集合包括手机号、手机识别码和手机的软件版本信息中的一种或者多种属性信息。即通过采用智能手机搭配待升级设备进行升级，提供一种适用于一些特殊场景中的升级系统架构。例如，某个用户可以通过自己的智能手机对与该手绑定的车辆进行安全升级，安全便捷。Optionally, in the above steps S1001-B-step S1003-B, an upgrade request is sent to the server through a terminal device bound to the device to be upgraded, and the upgrade request carries one or more attributes of the terminal device at this time. information and one or more attribute information of the device to be upgraded itself. Optionally, before the terminal device sends the upgrade request to the server, one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded are further acquired. For example, a smartphone bound to a smart vehicle sends to the server its own mobile phone number, mobile phone identification code and software version information of the mobile phone, as well as the vehicle identification code, engine number, license plate number, model serial number, etc. of the vehicle to be upgraded. An upgrade request for attribute information such as the hardware version number of the vehicle component and the software version number of the vehicle component. After obtaining the upgrade request of the device to be upgraded, the server firstly performs identity verification on the terminal device and the device to be upgraded. If the authentication is passed, it means that the requested terminal device is legitimate and the request for device upgrade is made. Equipment to be upgraded is also legal. And because the upgrade package is jointly determined by the server according to the attribute information of the terminal device and the device to be upgraded, it can be ensured that only the attribute information of the terminal device and the attribute information of the device to be upgraded bound to it meet the upgrade conditions in the access policy. Only under this condition can the device to be upgraded can be safely upgraded, which provides mandatory detection of the identity and status of the terminal device and the device to be upgraded, which ensures the safety and accuracy of the device upgrade process, and avoids illegal devices or unauthorized Eligible devices to be upgraded illegally obtain upgrade packages. In a possible implementation manner, the terminal device is a smart phone; the attribute set includes one or more attribute information among a mobile phone number, a mobile phone identification code, and software version information of the mobile phone. That is, an upgrade system architecture suitable for some special scenarios is provided by using a smart phone with a device to be upgraded for upgrade. For example, a user can safely upgrade the vehicle bound to the hand through his smartphone, which is safe and convenient.

在上述步骤S1008中，关于服务器根据属性集合生成针对待升级设备的访问策略的具体方式，针对上述图10或图11的两种架构中，包括两种实现方式：In the above step S1008, regarding the specific manner in which the server generates the access policy for the device to be upgraded according to the attribute set, the two architectures in the above-mentioned FIG. 10 or FIG. 11 include two implementation manners:

方式一，属性集合包括待升级设备的一个或多个属性信息；服务器根据待升级设备的一个或多个属性信息，确定待升级设备需要升级的一个或多个升级文件，目标升级包包括一个或多个升级文件；服务器确定一个或多个升级文件对应的升级条件，并基于升级条件生成访问策略。本发明实施例中，服务器根据待升级设备的一个或者多个属性信息确定一个或多个升级文件，并依据该一个或多个升级文件的升级条件组合后转换为访问策略，也即是服务器根据待升级设备的相关属性信息生成针对该待升级设备的升级条件，以限制目标升级包的访问权限。Mode 1, the attribute set includes one or more attribute information of the device to be upgraded; the server determines one or more upgrade files that need to be upgraded for the device to be upgraded according to the one or more attribute information of the device to be upgraded, and the target upgrade package includes one or more upgrade files. Multiple upgrade files; the server determines the upgrade conditions corresponding to one or more upgrade files, and generates an access policy based on the upgrade conditions. In the embodiment of the present invention, the server determines one or more upgrade files according to one or more attribute information of the device to be upgraded, and converts it into an access policy according to the combination of the upgrade conditions of the one or more upgrade files, that is, the server according to The relevant attribute information of the device to be upgraded generates an upgrade condition for the device to be upgraded, so as to limit the access authority of the target upgrade package.

方式二，服务器根据终端设备的一个或多个属性信息以及待升级设备的一个或多个属性信息，确定待升级设备需要升级的一个或多个升级文件，目标升级包包括一个或多个升级文件；服务器确定一个或多个升级文件对应的升级条件，并基于升级条件生成访问策略。本发明实施例中，由于引入终端设备协助待升级设备进行升级，因此，服务器根据终端设备和待升级设备的多个属性信息确定一个或多个升级文件，并依据该一个或多个升级文件的升级条件组合后转换为访问策略，也即是服务器根据终端设备和待升级设备的相关属性信息生成针对该待升级设备的升级条件，以限制目标升级包的访问权限。Mode 2: The server determines one or more upgrade files that need to be upgraded for the device to be upgraded according to one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded, and the target upgrade package includes one or more upgrade files ; The server determines the upgrade conditions corresponding to one or more upgrade files, and generates an access policy based on the upgrade conditions. In this embodiment of the present invention, since a terminal device is introduced to assist the device to be upgraded in upgrading, the server determines one or more upgrade files according to multiple attribute information of the terminal device and the device to be upgraded, and determines one or more upgrade files according to the attribute information of the one or more upgrade files. After the upgrade condition is combined, it is converted into an access policy, that is, the server generates an upgrade condition for the to-be-upgraded device according to the relevant attribute information of the terminal device and the to-be-upgraded device, so as to limit the access rights of the target upgrade package.

上述步骤S1009至步骤S1011可参考上述图9实施例中的步骤S902至步骤S904的相关描述，此处不再赘述。For the above steps S1009 to S1011 , reference may be made to the relevant descriptions of the steps S902 to S904 in the embodiment of FIG. 9 , which will not be repeated here.

基于上述，以下结合具体应用场景以及附图，对上述发明实施例进行进一步的描述。Based on the above, the above embodiments of the invention are further described below with reference to specific application scenarios and accompanying drawings.

请参见图12，图12是本发明实施例提供的一种智能车辆的升级场景示意图，以待升级设备为智能车辆，以服务器为车辆制造商OEM的服务器为例，将本申请中的设备升级流程分为：系统设置阶段(setup phase)和系统升级阶段(update phase)。其中，Please refer to FIG. 12 . FIG. 12 is a schematic diagram of an upgrade scenario of an intelligent vehicle provided by an embodiment of the present invention. Taking the device to be upgraded as an intelligent vehicle and the server as a server of a vehicle manufacturer OEM as an example, the device in this application is upgraded The process is divided into: system setup phase (setup phase) and system upgrade phase (update phase). in,

1、系统设置阶段(setup phase)，主要包括密钥的生成和分发：1. The system setup phase (setup phase) mainly includes the generation and distribution of keys:

(1)车辆制造商OEM服务器端，针对某特定车型(Car Model)的车进行系统设定，通过系统参数生成公钥(pk_c)和主密钥(mr_c)，该公钥和主密钥为一对公私钥对；(1) On the OEM server side of the vehicle manufacturer, the system is set for a car of a specific car model, and the public key (pk_c) and the master key (mr_c) are generated through the system parameters. The public key and the master key are A pair of public and private keys;

(2)OEM服务器基于该主密钥(mr_c)以及智能车辆的不同属性信息分别生成不同属性信息对应的属性密钥(ar_c)，然后将上述公钥(pk_c)和属性密钥(ar_c)通过安全通道发送至拥有对应属性信息的智能车辆。(2) The OEM server generates attribute keys (ar_c) corresponding to different attribute information respectively based on the master key (mr_c) and different attribute information of the smart vehicle, and then passes the public key (pk_c) and attribute key (ar_c) through the The safe channel is sent to the intelligent vehicle with the corresponding attribute information.

2、系统升级阶段(update phase)，主要包括OEM服务器验证车辆身份和状态、OEM生成相应的升级包：2. The system upgrade phase (update phase) mainly includes the OEM server to verify the vehicle identity and status, and the OEM to generate the corresponding upgrade package:

(1)智能车辆当前已经拥有系统设置阶段由OEM服务器配置的公钥(pk_c)和一个或多个属性信息对应的属性密钥(ar_c)。(1) The smart vehicle currently has the public key (pk_c) configured by the OEM server in the system setup stage and the attribute key (ar_c) corresponding to one or more attribute information.

(2)智能车辆向OEM服务器发送升级请求，且该升级请求中包括经过上述公钥(pk_c)加密的身份信息ID和状态信息attribute(也即是属性集合)，记为Enc_{pk_c}(ID,attribute)。(2) The smart vehicle sends an upgrade request to the OEM server, and the upgrade request includes the identity information ID and state information attribute (that is, the attribute set) encrypted by the public key (pk_c), which is recorded as Enc_{pk_c} (ID, attribute ).

(3)OEM服务器根据所述主密钥(mr_c)对接收到的升级请求进行解密和验证，即通过对应的解密算法Dec_{mr_c}(C)以验证车辆身份和状态，其中C则是指上述升级请求。(3) The OEM server decrypts and verifies the received upgrade request according to the master key (mr_c), that is, to verify the identity and status of the vehicle through the corresponding decryption algorithm Dec_{mr_c} (C), where C refers to the above upgrade ask.

(4)OEM服务器根据公钥(pk_c)以及访问策略policy生成目标升级包package的目标升级包密文，也可称之为策略包，记为Enc_{pk_c}(package,policy)。可选的，该策略包可以包含新的属性密钥或者更新后的属性密钥。(4) The OEM server generates the target upgrade package ciphertext of the target upgrade package package according to the public key (pk_c) and the access policy policy, which can also be called a policy package, and is recorded as Enc_{pk_c} (package, policy). Optionally, the policy package may contain a new attribute key or an updated attribute key.

(5)OEM服务器将上述经过访问策略policy和公钥(pk_c)加密后的目标升级包C＝Enc_{pk_c}(package,policy)发送给智能车辆，此处，C是指目标升级包密文。(5) The OEM server sends the target upgrade package C=Enc_{pk_c} (package, policy) encrypted by the access policy policy and the public key (pk_c) to the smart vehicle, where C refers to the target upgrade package ciphertext.

(6)智能车辆接收上述目标升级包密文，如果满足访问策略(即使用必要的属性密钥)，则可以通过对应的属性密钥(ar_c)成功解密Dec_{ar_c}(C)。(6) The smart vehicle receives the ciphertext of the above-mentioned target upgrade package, and if the access policy is satisfied (that is, the necessary attribute key is used), Dec_{ar_c} (C) can be successfully decrypted through the corresponding attribute key (ar_c).

请参见图13，图13是本发明实施例提供的另一种智能车辆的升级场景示意图，以待升级设备为智能车辆，以服务器为车辆制造商OEM的服务器为例，将本申请中的设备升级流程分为：系统设置阶段(setup phase)和系统升级阶段(update phase)。其中，Please refer to FIG. 13. FIG. 13 is a schematic diagram of an upgrade scenario of another smart vehicle provided by an embodiment of the present invention. Taking the device to be upgraded as an intelligent vehicle and the server being the server of a vehicle manufacturer OEM as an example, the device in this application is taken as an example. The upgrade process is divided into: the system setup phase (setup phase) and the system upgrade phase (update phase). in,

(2)OEM服务器基于该主密钥(mr_c)以及智能车辆的不同属性信息分别生成不同属性信息对应的属性密钥(ar_c)，然后将上述公钥(pk_c)和属性密钥(ar_c)通过安全通道发送至拥有对应属性信息的智能车辆。例如，智能车辆的属性信息包括车辆标识号(VIN)、发动机编号、车牌号、序列号、TBox：硬件版本1，软件版本1、HMI：硬件版本1，软件版本1、动力系统：硬件版本1，软件版本1等。(2) The OEM server generates attribute keys (ar_c) corresponding to different attribute information respectively based on the master key (mr_c) and different attribute information of the smart vehicle, and then passes the public key (pk_c) and attribute key (ar_c) through the The safe channel is sent to the intelligent vehicle with the corresponding attribute information. For example, the attribute information of a smart vehicle includes vehicle identification number (VIN), engine number, license plate number, serial number, TBox:hardware version 1,software version 1, HMI:hardware version 1,software version 1, powertrain:hardware version 1 ,software version 1, etc.

(4)OEM服务器根据公钥(pk_c)以及访问策略policy生成目标升级包package的目标升级包密文，也可称之为策略包，记为Enc_{pk_c}(package,policy)。例如，该访问策略为(发动机编号＝1234567)和(TBox软件版本＝1)。(4) The OEM server generates the target upgrade package ciphertext of the target upgrade package package according to the public key (pk_c) and the access policy policy, which can also be called a policy package, and is recorded as Enc_{pk_c} (package, policy). For example, the access policy is (engine number=1234567) and (TBox software version=1).

(6)智能车辆可通过TBox接收上述目标升级包密文，并可通过车载主控制器检测自身是否有引擎号码为1234567的属性密钥(ar_c)与TBox软件版本号码为1的属性密钥(ar_c)，若均有，则可以正确解密出目标升级包密文Dec_{ar_c}(C)。若没有，则无法解密出目标升级包密文Dec_{ar_c}(C)。也即是实现了强制力的车辆身份与状态的前提条件检测。(6) The smart vehicle can receive the ciphertext of the above target upgrade package through TBox, and can detect whether it has the attribute key (ar_c) with the engine number 1234567 and the attribute key with the TBox software version number 1 ( ar_c), if both, the target upgrade package ciphertext Dec_{ar_c} (C) can be decrypted correctly. If not, the target upgrade package ciphertext Dec_{ar_c} (C) cannot be decrypted. That is, the precondition detection of the vehicle identity and state of the mandatory force is realized.

本发明实施例与上述图12中的实施例的区别在于，针对智能车辆的属性信息，提供了一种具体的访问策略的示例，以实现升级条件的强制性检测。The difference between the embodiment of the present invention and the embodiment in FIG. 12 is that, for the attribute information of the smart vehicle, a specific example of an access policy is provided to implement mandatory detection of upgrade conditions.

请参见图14，图14是本发明实施例提供的又一种智能车辆的升级场景示意图，以待升级设备为智能车辆，以服务器为车辆制造商OEM的服务器为例，将本申请中的设备升级流程分为：系统设置阶段(setup phase)和系统升级阶段(update phase)。其中，Please refer to FIG. 14. FIG. 14 is a schematic diagram of another smart vehicle upgrade scenario provided by an embodiment of the present invention. Taking the device to be upgraded as an intelligent vehicle and the server being a server of a vehicle manufacturer OEM as an example, the device in this application is taken as an example. The upgrade process is divided into: the system setup phase (setup phase) and the system upgrade phase (update phase). in,

(2)OEM服务器基于该主密钥(mr_c)以及该型号的智能车辆的不同属性信息分别生成不同属性信息对应的属性密钥(ar_c)，然后将上述公钥(pk_c)和属性密钥(ar_c)通过安全通道发送至拥有对应属性信息的智能车辆。例如，属性信息包括车辆标识号(VIN)、发动机编号、车牌号、序列号、TBox：硬件版本1，软件版本1、HMI：硬件版本1，软件版本1、动力系统：硬件版本1，软件版本1。(2) The OEM server respectively generates attribute keys (ar_c) corresponding to different attribute information based on the master key (mr_c) and different attribute information of the intelligent vehicle of this model, and then uses the public key (pk_c) and the attribute key ( ar_c) is sent to the intelligent vehicle with the corresponding attribute information through the secure channel. For example, attribute information includes vehicle identification number (VIN), engine number, license plate number, serial number, TBox:hardware version 1,software version 1, HMI:hardware version 1,software version 1, powertrain:hardware version 1,software version 1.

(4)OEM服务器根据公钥(pk_c)以及访问策略policy生成目标升级包package的目标升级包密文，也可称之为策略包，记为Enc_{pk_c}(package,policy)。例如，该访问策略为(发动机编号＝1234567)和(TBox软件版本＝1)。在图14中可以看出，车辆原始状态(尚未升级前)有TBox软件版本1，而目标升级包内含有对TBox的软件升级包，且升级后为版本号2，所以升级包中可包含新的属性密钥，该属性密钥相对应于TBox软件版本号2。也即是不仅可以升级智能车辆的软件,同时更新了相对应的属性密钥。(4) The OEM server generates the target upgrade package ciphertext of the target upgrade package package according to the public key (pk_c) and the access policy policy, which can also be called a policy package, and is recorded as Enc_{pk_c} (package, policy). For example, the access policy is (engine number=1234567) and (TBox software version=1). As can be seen in Figure 14, the original state of the vehicle (before the upgrade) hasTBox software version 1, and the target upgrade package contains the software upgrade package for TBox, and the upgrade is version 2, so the upgrade package can contain new The attribute key of the attribute key corresponds to the TBox software version number 2. That is, not only the software of the smart vehicle can be upgraded, but also the corresponding attribute key can be updated.

(6)智能车辆接收上述目标升级包密文，如果满足访问策略(即使用必要的属性密钥)，则可以通过对应的属性密钥(ar_c)成功解密Dec_{ar_c}(C)。例如，当智能车辆上的车载主控制器获得该目标升级包密文后，通过所拥有的属性密钥(例:TBox软件版本号1的属性密钥)进行解密，若属性密钥符合访问策略，则可以正确解出升级包。而此目标升级包中除包含TBox软件版本号2的升级包，还包含TBox软件版本号2的属性密钥，因此，车载主控制器将TBox软件版本号1的属性密钥更新为TBox软件版本号2的属性密钥。(6) The smart vehicle receives the ciphertext of the above-mentioned target upgrade package, and if the access policy is satisfied (that is, the necessary attribute key is used), Dec_{ar_c} (C) can be successfully decrypted through the corresponding attribute key (ar_c). For example, after the on-board main controller on the smart vehicle obtains the ciphertext of the target upgrade package, it decrypts with the attribute key it possesses (for example, the attribute key of TBox software version 1). If the attribute key conforms to the access policy , the upgrade package can be correctly extracted. In addition to the upgrade package of TBox software version 2, this target upgrade package also includes the attribute key of TBox software version 2. Therefore, the vehicle main controller updates the attribute key ofTBox software version 1 to the TBox software version. Attribute key for number 2.

本发明实施例与上述图12中的实施例的区别在于，在系统升级阶段中，在目标升级包中携带某个属性信息(例如此次会变动的动态属性信息)的更新后的属性密钥，以根据升级系统对属性密钥进行升级。The difference between the embodiment of the present invention and the embodiment in FIG. 12 is that, in the system upgrade stage, the updated attribute key of a certain attribute information (for example, the dynamic attribute information that will change this time) is carried in the target upgrade package , to upgrade the attribute key according to the upgrade system.

请参见图15，图15是本发明实施例提供的又一种智能车辆的升级场景示意图，以待升级设备为智能车辆，以服务器为车辆制造商OEM的服务器为例，将本申请中的设备升级流程分为：系统设置阶段(setup phase)和系统升级阶段(update phase)。其中，Please refer to FIG. 15. FIG. 15 is a schematic diagram of another smart vehicle upgrade scenario provided by an embodiment of the present invention. Taking the device to be upgraded as an intelligent vehicle and the server being the server of a vehicle manufacturer OEM as an example, the device in this application is taken as an example. The upgrade process is divided into: the system setup phase (setup phase) and the system upgrade phase (update phase). in,

(1)车辆制造商OEM服务器端针对某特定车型(Car Model)的车进行系统设定，通过系统参数生成公钥pk_c与主密钥mr_c。(1) The OEM server of the vehicle manufacturer sets the system for a car of a specific car model, and generates the public key pk_c and the master key mr_c through the system parameters.

(2)OEM服务器预置公钥(pk_c)与主密钥(mr_c)给此车型的车辆。本发明实施例中不特别描述静态属性信息与动态属性信息也即是对应的属性集合。由于主密钥已经预置给车辆，车辆可随需生成相对的属性密钥。(2) The OEM server presets the public key (pk_c) and the master key (mr_c) to the vehicle of this model. The embodiment of the present invention does not specifically describe the static attribute information and the dynamic attribute information, that is, the corresponding attribute sets. Since the master key has been preset to the vehicle, the vehicle can generate relative attribute keys on demand.

(1)智能车辆当前已经拥有系统设置阶段由OEM服务器配置的公钥(pk_c)和主密钥mr_c。(1) The smart vehicle currently has the public key (pk_c) and master key mr_c configured by the OEM server in the system setup stage.

(2)智能车辆提出升级需求,使用公钥(pk_c)、身份与状态属性生成加密的身份与状态属性，Enc_{pk_c}(ID attributes,status attributes)。(2) The intelligent vehicle proposes an upgrade requirement, and uses the public key (pk_c), identity and status attributes to generate encrypted identity and status attributes, Enc_{pk_c} (ID attributes, status attributes).

(3)智能车辆将包含加密的身份与状态属性的升级请求发送给OEM服务器。(3) The smart vehicle sends an upgrade request containing encrypted identity and status attributes to the OEM server.

(4)OEM服务器根据主密钥mr_c解密后(Dec_{mr_c}(C))，核对车辆身份与状态，此处密文C即为上述Enc_{pk_c}(ID attributes,status attributes)。(4) After decrypting the master key mr_c (Dec_{mr_c} (C)), the OEM server checks the vehicle identity and status, where the ciphertext C is the above Enc_{pk_c} (ID attributes, status attributes).

(5)OEM服务器根据属性集合中的状态信息找到可以升级的软件组合(package)，以及确认升级的前提条件。OEM服务器将前提条件组合成访问策略(access policy),并且通过该访问策略加密升级包Enc_{pk_c}(package,policy)。(5) The OEM server finds software packages (packages) that can be upgraded according to the status information in the attribute set, and confirms the preconditions for upgrading. The OEM server combines the prerequisites into an access policy, and encrypts the upgrade package Enc_{pk_c} (package, policy) through the access policy.

(6)OEM服务器向智能车辆提供该加密的升级包，其包含访问策略(accesspolicy)于其中。(6) The OEM server provides the smart vehicle with the encrypted upgrade package, which includes an access policy therein.

(7)当智能车辆上的车载主控制器获得该升级包时,通过主密钥mr_c对所拥有的属性生成属性密钥，并根据此属性密钥进行解密，若属性密钥符合访问策略，则可以正确解出升级包。(7) When the on-board main controller on the smart vehicle obtains the upgrade package, it generates an attribute key for the attribute it owns through the master key mr_c, and decrypts it according to the attribute key. If the attribute key conforms to the access policy, Then the upgrade package can be extracted correctly.

本发明实施例与上述图12中的实施例的区别在于，在系统设置阶段，OEM服务器将主密钥也预置于智能车辆上，其功能是智能车辆可以通过该主密钥动态生成各种属性密钥,支援更广的前提条件,例如行车速度,挡位,网络存取状态等。通过更广的前提条件支援更细致的条件检测，另一方面来说，本发明实施例中需要对智能车辆有更高的信任度。The difference between the embodiment of the present invention and the above-mentioned embodiment in FIG. 12 is that in the system setting stage, the OEM server also pre-installs the master key on the smart vehicle, and its function is that the smart vehicle can dynamically generate various Attribute key, supports a wider range of preconditions, such as driving speed, gear, network access status, etc. More detailed condition detection is supported through broader preconditions. On the other hand, in the embodiment of the present invention, a higher degree of trust in the intelligent vehicle is required.

请参见图16，图16是本发明实施例提供的又一种智能车辆的升级场景示意图，以待升级设备为智能车辆，以服务器为车辆制造商OEM的服务器、以终端设备为智能手机为例，将本申请中的设备升级流程分为：系统设置阶段(setup phase)和系统升级阶段(update phase)。Please refer to FIG. 16. FIG. 16 is a schematic diagram of another smart vehicle upgrade scenario provided by an embodiment of the present invention. The device to be upgraded is a smart vehicle, the server is a server of a vehicle manufacturer OEM, and the terminal device is a smart phone as an example. , the device upgrade process in this application is divided into: a system setup phase (setup phase) and a system upgrade phase (update phase).

其中，in,

(1)车辆制造商OEM服务器端针对某特定车型(Car Model)的智能车辆进行系统设定，通过系统参数生成公钥pk_c与主密钥mr_c。(1) The OEM server of the vehicle manufacturer sets the system for the intelligent vehicle of a certain car model, and generates the public key pk_c and the master key mr_c through the system parameters.

(2)OEM服务器基于该主密钥(mr_c)，针对定义好前提条件所对应的属性信息生成属性密钥(ar_c)。然后将上述公钥(pk_c)和属性密钥(ar_c)通过安全通道发送至拥有对应属性信息的智能车辆。例如，智能车辆的属性信息包括车辆标识号(VIN)、发动机编号、车牌号、序列号、TBox：硬件版本1，软件版本1、HMI：硬件版本1，软件版本1、动力系统：硬件版本1，软件版本1。(2) Based on the master key (mr_c), the OEM server generates an attribute key (ar_c) for the attribute information corresponding to the defined preconditions. Then, the above-mentioned public key (pk_c) and attribute key (ar_c) are sent to the smart vehicle with corresponding attribute information through a secure channel. For example, the attribute information of a smart vehicle includes vehicle identification number (VIN), engine number, license plate number, serial number, TBox:hardware version 1,software version 1, HMI:hardware version 1,software version 1, powertrain:hardware version 1 ,software version 1.

(3)进一步地，OEM服务器还需要生成针对匹配的智能手机的属性信息的属性密钥，通过额外的安全通道发布给智能手机。其中，智能手机的属性信息也包含静态属性信息与动态属性信息两部份，例如，静态属性信息为手机号(phone number),动态属性信息为应用程序版本号(application version)。(3) Further, the OEM server also needs to generate an attribute key for the attribute information of the matched smartphone, and issue it to the smartphone through an additional secure channel. The attribute information of the smart phone also includes static attribute information and dynamic attribute information. For example, the static attribute information is a phone number, and the dynamic attribute information is an application version number.

(1)智能车辆与智能手机联合提出升级需求,使用公钥pk_c,身份与状态属性生成加密的身份与状态属性,i.e.Enc_{pk_c}(ID attributes,status attributes)。(1) The smart vehicle and the smart phone jointly propose an upgrade requirement, and use the public key pk_c, identity and status attributes to generate encrypted identity and status attributes, ieEnc_{pk_c} (ID attributes, status attributes).

(2)智能车辆将包含加密的身份与状态属性的升级请求发送给OEM服务器。(2) The smart vehicle sends an upgrade request containing encrypted identity and status attributes to the OEM server.

(3)OEM服务器根据所述主密钥(mr_c)对接收到的升级请求进行解密和验证，即通过对应的解密算法Dec_{mr_c}(C)以验证手机和车辆身份与状态，其中C则是指上述升级请求。(3) The OEM server decrypts and verifies the received upgrade request according to the master key (mr_c), that is, through the corresponding decryption algorithm Dec_{mr_c} (C) to verify the identity and status of the mobile phone and the vehicle, where C refers to The above upgrade request.

(4)OEM服务器根据属性集合中的状态信息找到可以升级的软件组合(package)，以及确认升级的前提条件。OEM服务器将前提条件组合成访问策略(policy)，并且通过该访问策略加密升级包Enc_{pk_c}(package,policy)。例如，访问策略为“引擎号码为1234567,手机号码为xxxx且人机界面HMI的软件版本号为1”，其中，对引擎号码的限制可以限制仅有该车辆可以使用该升级包，对手机号码的限制仅有该手机可以限定参与升级过程，对HMI软件版本号码可以限制该车辆的软件条件。(4) The OEM server finds software packages (packages) that can be upgraded according to the status information in the attribute set, and confirms the preconditions for upgrading. The OEM server combines the preconditions into an access policy (policy), and encrypts the upgrade package Enc_{pk_c} (package, policy) through the access policy. For example, the access policy is "the engine number is 1234567, the mobile phone number is xxxx and the software version number of the HMI HMI is 1", where the restriction on the engine number can restrict that only the vehicle can use the upgrade package, and the mobile phone number The limitation is that only the mobile phone can be limited to participate in the upgrade process, and the HMI software version number can limit the software conditions of the vehicle.

(5)OEM服务器向待升级设备提供该加密的升级包，其包含访问策略(accesspolicy)于其中。(5) The OEM server provides the encrypted upgrade package to the device to be upgraded, which includes an access policy therein.

(6)当智能手机与智能车辆上的车载主控制器获得该升级包时，通过所拥有的属性密钥(例如:引擎号码,手机号与HMI软件版本号码)联合进行解密,若属性密钥符合访问策略，则可以正确解出升级包。图16中的访问策略为手机具有号码为xxxx的属性密钥，车辆有引擎号码为1234567的属性密钥(ar_c)与HMI软件版本号码为1的属性密钥(ar_c)，则可以正确解密出升级包Dec_{ar_c}(C)。(6) When the smart phone and the on-board main controller on the smart vehicle obtain the upgrade package, decrypt it through the combination of the property key (for example: engine number, mobile phone number and HMI software version number), if the property key If the access policy is met, the upgrade package can be correctly extracted. The access policy in Figure 16 is that the mobile phone has the attribute key with the number xxxx, the vehicle has the attribute key (ar_c) with the engine number 1234567 and the attribute key (ar_c) with the HMIsoftware version number 1, then it can be decrypted correctly. Upgrade package Dec_{ar_c} (C).

本发明实施例与上述图12中的实施例的区别在于，使用了智能手机的协助进行升级。通过智能手机与车载主控制器的协同合作，提出升级要求,并且对收到的升级包进行解密，可以理解的是该系统架构下，可由智能车辆单独对升级包进行解密，也可由智能手机单独对升级包进行解密，还可以由两者共同协作对升级包进行解密。The difference between the embodiment of the present invention and the embodiment in FIG. 12 is that the upgrade is performed with the assistance of a smart phone. Through the cooperation between the smart phone and the main vehicle controller, the upgrade requirements are put forward, and the received upgrade package is decrypted. It is understandable that under this system architecture, the smart vehicle can decrypt the upgrade package alone, or the smart phone can decrypt the upgrade package alone. The upgrade package can be decrypted, and the upgrade package can also be decrypted jointly by the two.

请参见图17，图17是本发明实施例提供的又一种智能车辆的升级场景示意图，以待升级设备为智能车辆，以服务器为车辆制造商OEM的服务器为例，将本申请中的设备升级流程分为：系统设置阶段(setup phase)和系统升级阶段(update phase)，其中，关于系统设置阶段(setup phase)和系统升级阶段的描述，可参考上述图12-图16中任意一种实施例中的相关流程，此处不再赘述。其中，Please refer to FIG. 17 . FIG. 17 is a schematic diagram of another smart vehicle upgrade scenario provided by an embodiment of the present invention. Taking the device to be upgraded as an intelligent vehicle and the server being the server of a vehicle manufacturer OEM as an example, the device in this application is taken as an example. The upgrade process is divided into: a system setup phase (setup phase) and a system upgrade phase (update phase). For the description of the system setup phase (setup phase) and the system upgrade phase, please refer to any one of the above Figures 12-16 The relevant procedures in the embodiment are not repeated here. in,

本发明实施例与上述图12中的实施例的区别在于，是在系统设置阶段，通过不同的属性设计,可以减少车厂管理的钥匙对。图17中上半部分显示的是OEM服务器对不同车型的智能车辆分别生成一对钥匙，即车型A对应一个密钥对，车型B对应另一个密钥对。也即是说，对于每一种车型，OEM服务器都需要管理一对钥匙，导致OEM服务器要管理的钥匙对数量与生产的车型数量呈正比。图17的下半部分显示的是当OEM服务器将车型(Car Model)也列为属性信息之一时，则可以使用一对钥匙对管理不同的车型，并且用不同的车型属性密钥进行区别。The difference between the embodiment of the present invention and the above-mentioned embodiment in FIG. 12 is that in the system setting stage, the key pairs managed by the car factory can be reduced through different attribute designs. The upper part of Figure 17 shows that the OEM server generates a pair of keys for smart vehicles of different models, that is, model A corresponds to one key pair, and model B corresponds to another key pair. That is to say, for each model, the OEM server needs to manage a pair of keys, resulting in the number of key pairs to be managed by the OEM server is proportional to the number of models produced. The lower part of Figure 17 shows that when the OEM server lists the car model as one of the attribute information, a pair of key pairs can be used to manage different car models, and different car model attribute keys can be used to distinguish them.

以上详细阐述了本发明实施例的方法，下面提供了本发明实施例的相关装置。The methods of the embodiments of the present invention are described in detail above, and the related apparatuses of the embodiments of the present invention are provided below.

请参见图18，图18是本发明实施例提供的一种设备升级装置的结构示意图，该设备升级装置10可以应用于服务器，如上述图4或图5的系统架构中，设备升级装置10各个单元的详细描述如下。Please refer to FIG. 18. FIG. 18 is a schematic structural diagram of an apparatus for upgrading equipment according to an embodiment of the present invention. The apparatus for upgrading equipment 10 may be applied to a server. As shown in the system architecture of FIG. 4 or FIG. The detailed description of the unit is as follows.

策略生成单元101，用于根据待升级设备的属性集合生成针对所述待升级设备的访问策略；apolicy generating unit 101, configured to generate an access policy for the device to be upgraded according to the attribute set of the device to be upgraded;

加密单元102，用于基于属性加密算法，根据所述访问策略对目标升级包进行加密，生成目标升级包密文；Theencryption unit 102 is configured to encrypt the target upgrade package according to the access policy based on the attribute encryption algorithm, and generate the ciphertext of the target upgrade package;

第一发送单元103，用于将所述目标升级包密文发送至所述待升级设备，所述目标升级包密文用于所述待升级设备根据所述属性集合对应的一个或多个属性密钥进行解密，以获得所述目标升级包。Thefirst sending unit 103 is configured to send the ciphertext of the target upgrade package to the device to be upgraded, where the ciphertext of the target upgrade package is used for the device to be upgraded according to one or more attributes corresponding to the attribute set The key is decrypted to obtain the target upgrade package.

在一种可能的实现方式中，装置10还包括：In a possible implementation manner, the apparatus 10 further includes:

获取单元104，用于获取所述待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合。The obtainingunit 104 is configured to obtain an upgrade request of the device to be upgraded, where the upgrade request includes an attribute set of the device to be upgraded.

在一种可能的实现方式中，获取单元104，具体用于：In a possible implementation manner, the obtainingunit 104 is specifically configured to:

在一种可能的实现方式中，所述属性集合包括所述待升级设备的一个或多个属性信息；策略生成单元101，具体用于：In a possible implementation manner, the attribute set includes one or more attribute information of the device to be upgraded; thepolicy generation unit 101 is specifically configured to:

在一种可能的实现方式中，策略生成单元101，具体用于：In a possible implementation manner, thepolicy generation unit 101 is specifically configured to:

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；装置10还包括：In a possible implementation manner, the attribute set includes one or more attribute information; the apparatus 10 further includes:

第一密钥生成单元105，用于生成公钥和主密钥，所述主密钥为所述公钥对应的私钥；a firstkey generation unit 105, configured to generate a public key and a master key, where the master key is a private key corresponding to the public key;

第二密钥生成单元106，根据所述主密钥以及所述一个或多个属性信息，生成所述属性集合对应的一个或多个属性密钥；The secondkey generation unit 106 generates one or more attribute keys corresponding to the attribute set according to the master key and the one or more attribute information;

第二发送单元107，用于将所述一个或多个属性密钥发送至所述待升级设备进行预存储；其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。Thesecond sending unit 107 is configured to send the one or more attribute keys to the device to be upgraded for pre-storage; wherein, the one or more attribute keys are used by the device to be upgraded to The target upgrade package ciphertext is decrypted to obtain the target upgrade package.

在一种可能的实现方式中，请参见图19，图19是本发明实施例提供的另一种设备升级装置的结构示意图，装置10还包括：In a possible implementation manner, please refer to FIG. 19. FIG. 19 is a schematic structural diagram of another device upgrading apparatus provided by an embodiment of the present invention. The apparatus 10 further includes:

第三密钥生成单元108，用于生成公钥和主密钥，所述主密钥为所述公钥对应的私钥；A thirdkey generation unit 108, configured to generate a public key and a master key, where the master key is a private key corresponding to the public key;

第三发送单元109，用于将所述主密钥发送至所述待升级设备上进行预存储，所述主密钥用于所述待升级设备生成所述属性集合对应的一个或多个属性密钥，其中，所述一个或多个属性密钥用于所述待升级设备对所述目标升级包密文进行解密以获得所述目标升级包。Thethird sending unit 109 is configured to send the master key to the device to be upgraded for pre-storage, where the master key is used by the device to be upgraded to generate one or more attributes corresponding to the attribute set key, wherein the one or more attribute keys are used by the device to be upgraded to decrypt the ciphertext of the target upgrade package to obtain the target upgrade package.

需要说明的是，本发明实施例中所描述的设备升级装置10中各功能单元的功能可参见上述图1-图17所述的方法实施例中服务器的相关描述，此处不再赘述。It should be noted that, for the functions of each functional unit in the device upgrading apparatus 10 described in this embodiment of the present invention, reference may be made to the relevant description of the server in the method embodiments described in FIG. 1 to FIG. 17 , and details are not repeated here.

请参见图20，图20是本发明实施例提供的一种待升级装置的结构示意图，该待升级装置20可应用于待升级设备，如上述图4或图5的系统架构中，待升级装置20各个单元的详细描述如下。Please refer to FIG. 20. FIG. 20 is a schematic structural diagram of a device to be upgraded according to an embodiment of the present invention. The device to be upgraded 20 can be applied to the device to be upgraded. As shown in the system architecture of FIG. 4 or FIG. 5, the device to be upgraded 20 The detailed description of each unit is as follows.

接收单元201，用于接收服务器发送的目标升级包密文，所述目标升级包密文为所述服务器基于属性加密算法，根据访问策略对目标升级包进行加密生成的，所述访问策略为所述服务器根据所述待升级设备的属性集合生成的；The receivingunit 201 is configured to receive the target upgrade package ciphertext sent by the server, where the target upgrade package ciphertext is generated by the server encrypting the target upgrade package based on an attribute encryption algorithm and according to an access policy, where the access policy is all generated by the server according to the attribute set of the device to be upgraded;

获取单元202，用于获取所述属性集合对应的一个或多个属性密钥；an obtainingunit 202, configured to obtain one or more attribute keys corresponding to the attribute set;

解密单元203，用于根据所述一个或多个属性密钥对所述目标升级包密文进行解密，获得目标升级包。Thedecryption unit 203 is configured to decrypt the ciphertext of the target upgrade package according to the one or more attribute keys to obtain the target upgrade package.

在一种可能的实现方式中，装置20还包括：In a possible implementation manner, the apparatus 20 further includes:

发送单元204，用于发送升级请求，所述升级请求包括所述待升级设备的属性集合。The sendingunit 204 is configured to send an upgrade request, where the upgrade request includes an attribute set of the device to be upgraded.

在一种可能的实现方式中，所述属性集合包括一个或多个属性信息；获取单元202，具体用于：In a possible implementation manner, the attribute set includes one or more attribute information; the obtainingunit 202 is specifically configured to:

需要说明的是，本发明实施例中所描述的待升级装置20中各功能单元的功能可参见上述图1-图17所述的方法实施例中待升级设备的相关描述，此处不再赘述。It should be noted that, for the functions of each functional unit in the apparatus to be upgraded 20 described in the embodiment of the present invention, reference may be made to the relevant description of the device to be upgraded in the method embodiments described in FIG. 1 to FIG. 17 , and details are not repeated here. .

请参见图21，图21是本发明实施例提供的另一种设备升级装置的结构示意图，该待升级设备30可应用于终端设备，如上述图5的系统架构中，设备升级装置30各个单元的详细描述如下。Please refer to FIG. 21. FIG. 21 is a schematic structural diagram of another equipment upgrading apparatus provided by an embodiment of the present invention. The equipment 30 to be upgraded can be applied to terminal equipment. As shown in the system architecture of FIG. 5 above, each unit of the equipment upgrading apparatus 30 The detailed description is as follows.

发送单元301，用于向服务器发送待升级设备的升级请求，所述升级请求包括所述待升级设备的属性集合，所述属性集合包括所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。A sendingunit 301 is configured to send an upgrade request of a device to be upgraded to a server, where the upgrade request includes an attribute set of the device to be upgraded, and the attribute set includes one or more attribute information of the terminal device and the to-be-upgraded device. Update one or more attribute information of the device.

在一种可能的实现方式中，所述装置还包括：获取单元302，用于获取所述终端设备的一个或多个属性信息以及所述待升级设备的一个或多个属性信息。In a possible implementation manner, the apparatus further includes: an obtainingunit 302, configured to obtain one or more attribute information of the terminal device and one or more attribute information of the device to be upgraded.

需要说明的是，本发明实施例中所描述的设备升级装置30中各功能单元的功能可参见上述图1-图17所述的方法实施例中终端设备的相关描述，此处不再赘述。It should be noted that, for the functions of each functional unit in the device upgrading apparatus 30 described in the embodiments of the present invention, reference may be made to the relevant descriptions of the terminal devices in the method embodiments described in FIG. 1 to FIG. 17 , which will not be repeated here.

如图22所示，图22是本发明实施例提供的一种设备的结构示意图。本申请中的服务器、待升级设备和终端设备均可以以图20中的结构来实现，该设备40包括至少一个处理器401，至少一个存储器402、至少一个通信接口403。此外，该设备还可以包括天线等通用部件，在此不再详述。As shown in FIG. 22, FIG. 22 is a schematic structural diagram of a device provided by an embodiment of the present invention. The server, the device to be upgraded, and the terminal device in this application can all be implemented with the structure in FIG. 20 . Thedevice 40 includes at least oneprocessor 401 , at least onememory 402 , and at least onecommunication interface 403 . In addition, the device may also include general components such as an antenna, which will not be described in detail here.

处理器401可以是通用中央处理器(CPU)，微处理器，特定应用集成电路(application-specific integrated circuit，ASIC)，或一个或多个用于控制以上方案程序执行的集成电路。Theprocessor 401 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits for controlling the execution of the programs in the above solutions.

通信接口403，用于与其他设备或通信网络通信，如升级服务器、密钥服务器、车载内部的设备等。Thecommunication interface 403 is used to communicate with other devices or communication networks, such as an upgrade server, a key server, and a device inside a vehicle.

存储器402可以是只读存储器(read-only memory，ROM)或可存储静态信息和指令的其他类型的静态存储设备，随机存取存储器(random access memory，RAM)或者可存储信息和指令的其他类型的动态存储设备，也可以是电可擦可编程只读存储器(ElectricallyErasable Programmable Read-Only Memory，EEPROM)、只读光盘(Compact Disc Read-Only Memory，CD-ROM)或其他光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质，但不限于此。存储器可以是独立存在，通过总线与处理器相连接。存储器也可以和处理器集成在一起。Memory 402 may be read-only memory (ROM) or other type of static storage device that can store static information and instructions, random access memory (RAM), or other type of static storage device that can store information and instructions The dynamic storage device can also be an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical disk storage, optical disk storage ( including compact discs, laser discs, compact discs, digital versatile discs, Blu-ray discs, etc.), magnetic disk storage media or other magnetic storage devices, or capable of carrying or storing desired program code in the form of instructions or data structures and capable of being stored by a computer any other medium taken, but not limited to this. The memory can exist independently and be connected to the processor through a bus. The memory can also be integrated with the processor.

其中，所述存储器402用于存储执行以上方案的应用程序代码，并由处理器401来控制执行。所述处理器401用于执行所述存储器402中存储的应用程序代码以实现本申请中服务器、待升级设备以终端设备的相关功能。Wherein, thememory 402 is used for storing the application code for executing the above solution, and the execution is controlled by theprocessor 401 . Theprocessor 401 is configured to execute the application program code stored in thememory 402 to realize the relevant functions of the server, the device to be upgraded and the terminal device in this application.

需要说明的是，本发明实施例中所描述的服务器、待升级设备和终端设备的功能可参见上述图1至图17中的所述的方法实施例中的相关描述，此处不再赘述。It should be noted that, for the functions of the server, the device to be upgraded, and the terminal device described in the embodiments of the present invention, reference may be made to the relevant descriptions in the method embodiments described in FIG. 1 to FIG. 17 , which are not repeated here.

本发明实施例还提供一种计算机存储介质，其中，该计算机存储介质可存储有程序，该程序执行时包括上述方法实施例中记载的任意一种设备升级方法的部分或全部步骤。An embodiment of the present invention further provides a computer storage medium, wherein the computer storage medium may store a program, and when the program is executed, the program includes part or all of the steps of any device upgrading method described in the above method embodiments.

本发明实施例还提供一种计算机程序，该计算机程序包括指令，当该计算机程序被计算机执行时，使得计算机可以执行任意一种设备升级方法的部分或全部步骤。The embodiment of the present invention also provides a computer program, the computer program includes instructions, when the computer program is executed by the computer, the computer can execute part or all of the steps of any device upgrading method.

在上述实施例中，对各个实施例的描述都各有侧重，某个实施例中没有详述的部分，可以参见其他实施例的相关描述。In the above-mentioned embodiments, the description of each embodiment has its own emphasis. For parts that are not described in detail in a certain embodiment, reference may be made to the relevant descriptions of other embodiments.

需要说明的是，对于前述的各方法实施例，为了简单描述，故将其都表述为一系列的动作组合，但是本领域技术人员应该知悉，本申请并不受所描述的动作顺序的限制，因为依据本申请，某些步骤可能可以采用其他顺序或者同时进行。其次，本领域技术人员也应该知悉，说明书中所描述的实施例均属于优选实施例，所涉及的动作和模块并不一定是本申请所必须的。It should be noted that, for the sake of simple description, the foregoing method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that the present application is not limited by the described action sequence. Because in accordance with the present application, certain steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present application.

在本申请所提供的几个实施例中，应该理解到，所揭露的装置，可通过其它的方式实现。例如，以上所描述的装置实施例仅仅是示意性的，例如上述单元的划分，仅仅为一种逻辑功能划分，实际实现时可以有另外的划分方式，例如多个单元或组件可以结合或者可以集成到另一个系统，或一些特征可以忽略，或不执行。另一点，所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口，装置或单元的间接耦合或通信连接，可以是电性或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the device embodiments described above are only illustrative. For example, the division of the above-mentioned units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated. to another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical or other forms.

上述作为分离部件说明的单元可以是或者也可以不是物理上分开的，作为单元显示的部件可以是或者也可以不是物理单元，即可以位于一个地方，或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described above as separate components may or may not be physically separated, and components shown as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

另外，在本申请各实施例中的各功能单元可以集成在一个处理单元中，也可以是各个单元单独物理存在，也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现，也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit. The above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.

上述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时，可以存储在一个计算机可读取存储介质中。基于这样的理解，本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来，该计算机软件产品存储在一个存储介质中，包括若干指令用以使得一台计算机设备(可以为个人计算机、服务器或者网络设备等，具体可以是计算机设备中的处理器)执行本申请各个实施例上述方法的全部或部分步骤。其中，而前述的存储介质可包括：U盘、移动硬盘、磁碟、光盘、只读存储器(Read-Only Memory，缩写：ROM)或者随机存取存储器(Random Access Memory，缩写：RAM)等各种可以存储程序代码的介质。If the above-mentioned integrated units are implemented in the form of software functional units and sold or used as independent products, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the present application can be embodied in the form of software products in essence, or the parts that contribute to the prior art, or all or part of the technical solutions, and the computer software products are stored in a storage medium , including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc., specifically a processor in the computer device) to execute all or part of the steps of the foregoing methods in the various embodiments of the present application. Wherein, the aforementioned storage medium may include: U disk, mobile hard disk, magnetic disk, optical disk, read-only memory (Read-Only Memory, abbreviation: ROM) or random access memory (Random Access Memory, abbreviation: RAM) and so on. A medium that can store program code.

以上所述，以上实施例仅用以说明本申请的技术方案，而非对其限制；尽管参照前述实施例对本申请进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围。As mentioned above, the above embodiments are only used to illustrate the technical solutions of the present application, but not to limit them; although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand: The technical solutions described in the embodiments are modified, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the spirit and scope of the technical solutions in the embodiments of the present application.